{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0638", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2025-01-22T11:07:17.929Z", "datePublished": "2025-01-22T15:48:44.796Z", "dateUpdated": "2025-02-12T20:41:23.525Z"}, "containers": {"cna": {"title": "Routinator crashes when illegal characters are present in manifest file names", "datePublic": "2025-01-22T00:00:00.000Z", "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"version": "0.14.1", "status": "unaffected", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "type": "CWE"}]}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.14.1 and all later versions."}], "timeline": [{"time": "2024-12-20T00:00:00.000Z", "lang": "en", "value": "Issue reported"}, {"time": "2025-01-22T00:00:00.000Z", "lang": "en", "value": "Fixes released"}], "credits": [{"lang": "en", "value": "Haya Schulmann, Niklas Vogel; Goethe University Frankfurt/ATHENE Center", "type": "finder"}], "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2025-01-22T15:48:44.796Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0638", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T16:15:35.504737Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:23.525Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0638", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T16:15:35.504737Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:33:39.315Z"}}], "cna": {"title": "Routinator crashes when illegal characters are present in manifest file names", "credits": [{"lang": "en", "type": "finder", "value": "Haya Schulmann, Niklas Vogel; Goethe University Frankfurt/ATHENE Center"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"status": "unaffected", "version": "0.14.1", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-12-20T00:00:00.000Z", "value": "Issue reported"}, {"lang": "en", "time": "2025-01-22T00:00:00.000Z", "value": "Fixes released"}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.14.1 and all later versions."}], "datePublic": "2025-01-22T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2025-01-22T15:48:44.796Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0638", "state": "PUBLISHED", "dateUpdated": "2025-02-12T20:41:23.525Z", "dateReserved": "2025-01-22T11:07:17.929Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2025-01-22T15:48:44.796Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."}], "id": "CVE-2025-0638", "lastModified": "2025-01-22T16:15:29.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}, "published": "2025-01-22T16:15:29.977", "references": [{"source": "sep@nlnetlabs.nl", "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1286"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}

{}