CVE-2024-1622: 
NixOS vulnerability analysis and mitigation

CVE-2024-1622 affects Routinator, an RPKI relying party software, versions up to and including 0.13.1. The vulnerability was discovered by researchers from Internet Multifeed Co., Japan, and was disclosed in February 2024. The issue affects the RTR (Router) connection handling functionality of the software (NLnet Advisory).

The vulnerability stems from an improper error checking mechanism in Routinator's connection handling. Specifically, the software will terminate when an incoming RTR connection is reset by the peer too quickly after opening. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions) and CWE-253 (Incorrect Check of Function Return Value) (NVD).

When exploited, this vulnerability causes the Routinator service to terminate, resulting in a denial of service condition. This can disrupt RPKI validation services, potentially affecting routing security for organizations relying on Routinator (NLnet Advisory).

The vulnerability has been fixed in Routinator version 0.13.2. Users are advised to upgrade to this version or later to address the issue. The fix includes proper handling of RTR connections that are reset shortly after being established (NLnet Advisory, Fedora Updates).