171 matches found
CVE-2026-49234
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49232
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
Routinator has cache path traversal when processing the module component of rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
GHSA-33MJ-99MG-8G73 Routinator has cache path traversal when processing the module component of rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
GHSA-5QF9-CF9C-HJC6 Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49234
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49232
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
EUVD-2026-35065
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49235
CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...
CVE-2026-49234 Routinator crashes on specifically crafted ASN strings in the API
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...