Critical severity9.1NVD Advisory· Published Jul 30, 2020· Updated Jun 17, 2026
CVE-2020-16163
CVE-2020-16163
Description
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182
Affected products
2- RIPE NCC/RPKI Validatordescription
- Range: <3.1-2020.07.06.14.28
Patches
Vulnerability mechanics
References
1- github.com/RIPE-NCC/rpki-validator-3/issues/159nvdThird Party Advisory
News mentions
0No linked articles in our index yet.