Routinator 0.13.2 ‘Existential Funk’ released

Published: Mon 26 February 2024
Last updated: Wed 24 April 2024

Today we released version 0.13.2 ‘Existential Funk’ of Routinator.

Routinator is RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow.

This release fixes an issue in the RTR server that can be exploited remotely to cause Routinator to exit. We advise all users of Routinator that provide a public RTR service to upgrade to this release at their earliest convenience.

The issue, assigned CVE-2024-1622, is triggered when an incoming RTR connection is closed again very quickly. In this case, Routinator’s RTR server mistakenly treats the RTR listener socket as failed and exits.
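The failure mode described above comes down to an error on one connection being handled as an error on the listener. As an added example (not Routinator's code and not a reproduction of its fix), this standard-library Rust program keeps the two apart in an accept loop; the names `Stage`, `Action`, `on_error`, `prepare` and `serve`, and the setup calls inside `prepare`, are assumptions made for illustration.

```rust
use std::io::{self, ErrorKind};
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::time::Duration;

/// Which step failed: accept() on the listener, or setup of an accepted socket.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Stage { Accept, ConnectionSetup }
/// What the accept loop does next.
#[derive(Debug, PartialEq)]
pub enum Action { DropConnection, RetryAccept, StopListener }

/// Decide how far an I/O error is allowed to propagate.
pub fn on_error(stage: Stage, err: &io::Error) -> Action {
    match (stage, err.kind()) {
        // A failure on an accepted socket concerns that one peer only.
        (Stage::ConnectionSetup, _) => Action::DropConnection,
        // The peer vanished while queued, or the call was interrupted.
        (Stage::Accept, ErrorKind::ConnectionAborted | ErrorKind::ConnectionReset
            | ErrorKind::Interrupted) => Action::RetryAccept,
        (Stage::Accept, _) => Action::StopListener, // a real listener failure
    }
}

/// Per-connection setup (illustrative calls); can fail if the peer already left.
fn prepare(stream: &TcpStream) -> io::Result<SocketAddr> {
    stream.set_read_timeout(Some(Duration::from_secs(30)))?;
    stream.peer_addr()
}

/// Handle `max` accepted connections; only a listener-level error ends the loop early.
pub fn serve(listener: &TcpListener, max: usize) -> io::Result<usize> {
    let (mut seen, mut ready) = (0, 0);
    while seen < max {
        match listener.accept() {
            Ok((stream, _)) => {
                seen += 1;
                match prepare(&stream) {
                    Ok(_peer) => ready += 1, // hand the stream to a session here
                    Err(e) => eprintln!("{:?}: {}", on_error(Stage::ConnectionSetup, &e), e),
                }
            }
            Err(e) if on_error(Stage::Accept, &e) == Action::RetryAccept => continue,
            Err(e) => return Err(e),
        }
    }
    Ok(ready)
}

fn main() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    drop(TcpStream::connect(listener.local_addr().unwrap()).unwrap()); // constructed client that leaves at once
    println!("sessions ready: {:?}", serve(&listener, 1));
}
```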

We would like to thank Yohei Nishimura, Atsushi Enomoto and Ruka Miyachi of Internet Multifeed Co., Japan for discovering and reporting this issue.
