Products

Solutions

Company

Book A Live Demo

CVE-2021-43173 : Security Advisory and Response

Discover the impact and mitigation strategies for CVE-2021-43173, a vulnerability in Routinator by NLnet Labs. Learn how to prevent validation stalls and protect your systems.

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. Learn about the impact, technical details, and mitigation strategies below.

Understanding CVE-2021-43173

CVE-2021-43173, also known as 'Hanging RRDP request,' poses a risk related to how Routinator handles RRDP connections.

What is CVE-2021-43173?

CVE-2021-43173 describes a vulnerability in Routinator that can result in the stalling of validation due to a delay caused by an RRDP repository. This delay can lead to outdated data being served or no data being served at all.

The Impact of CVE-2021-43173

The vulnerability allows malicious RRDP repositories to prolong the validation process, potentially causing a denial of service or serving outdated information due to stalled validation by Routinator.

Technical Details of CVE-2021-43173

Routinator's vulnerability to hanging RRDP requests is caused by improper handling of stalled connections.

Vulnerability Description

The issue stems from Routinator's timeout mechanism, which is not effectively applied to the complete request, allowing malicious RRDP repositories to extend the validation time by continuously feeding small amounts of data.

Affected Systems and Versions

Product: Routinator

Vendor: NLnet Labs

Versions Affected: Up to and including 0.10.1

Exploitation Mechanism

Malicious RRDP repositories exploit Routinator's timeout configuration by drip-feeding minimal data to extend the validation duration, leading to validation stalls.

Mitigation and Prevention

To address CVE-2021-43173, follow these steps:

Immediate Steps to Take

Update Routinator to version 0.10.2, where the vulnerability is fixed.

Monitor RRDP connections for unusual delays or stalls that could indicate an ongoing attack.

Long-Term Security Practices

Regularly update and patch Routinator to mitigate potential vulnerabilities.

Implement network-level protections to detect and block malicious traffic.

Patching and Updates

Apply security patches provided by NLnet Labs promptly to ensure protection against CVE-2021-43173.

CVE-2021-43173 : Security Advisory and Response

Understanding CVE-2021-43173

What is CVE-2021-43173?

The Impact of CVE-2021-43173

Technical Details of CVE-2021-43173

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-43173 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-43173

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-43173?

The Impact of CVE-2021-43173

Technical Details of CVE-2021-43173

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-43173

What is CVE-2021-43173?

Is your System Free of Underlying Vulnerabilities?
Find Out Now