The CVE number for this vulnerability is CVE-2025-0638

== Summary
Previous versions of Routinator contain a problem where non-ASCII
characters in the file names listed in an RPKI manifest lead to a crash
of Routinator.

== Affected products
Routinator up to and including 0.14.0.

== Description
The initial code parsing the manifest did not check the content of the
file names yet later code assumed that it was checked and panicked when
encountering illegal characters, resulting in a crash of Routinator.

== Solution
Upgrade to version 0.14.1 or newer.

== Acknowledgment
We would like to thank Haya Schulmann and Niklas Vogel of Goethe University
Frankfurt/ATHENE Center for notifying us about this vulnerability.