Lucene search
PRIOn knowledge basePRION:CVE-2021-43174HistoryNov 09, 2021 - 5:15 p.m.
Input validation
2021-11-0917:15:00
PRIOn knowledge base
www.prio-n.com
4
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 11.0 | |
| routinator | ge | 0.9.0 | |
| routinator | lt | 0.10.2 |
Related
cvelist
cvelist
CVE-2021-43174 gzip transfer encoding caused out-of-memory crash
2021-11-09 00:00:00
github
github
Memory exhaustion in routinator
2021-11-11 00:55:08
ubuntucve
ubuntucve
CVE-2021-43174
2021-11-09 00:00:00
debiancve
debiancve
CVE-2021-43174
2021-11-09 17:15:07
nvd
nvd
CVE-2021-43174
2021-11-09 17:15:07
cve
cve
CVE-2021-43174
2021-11-09 17:15:07
osv
osv
CVE-2021-43172
2021-11-09 17:15:07
Memory exhaustion in routinator
2021-11-11 00:55:08
CVE-2021-43174
2021-11-09 17:15:07
nessus
nessus
FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)
2022-01-05 00:00:00
Debian DSA-5041-1 : cfrpki - security update
2022-01-12 00:00:00
freebsd
freebsd
routinator -- multiple vulnerabilities
2021-11-09 00:00:00
debian
debian
[SECURITY] [DSA 5041-1] cfrpki security update
2022-01-11 21:54:05
openvas
openvas
Debian: Security Advisory (DSA-5041-1)
2022-01-12 00:00:00