178 matches found
Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...
CVE-2026-49234
A flaw was found in Routinator. A remote attacker, with access to the API from untrusted networks, could send a specially crafted non-UTF-8 string as a query parameter to the /api/v1/origins endpoint. This action would cause the Routinator application to crash, leading to a denial of service DoS...
CVE-2026-49233
A flaw was found in Routinator. This vulnerability allows a remote attacker to perform path traversal by crafting a malicious rsync URI module name containing '..'. This improper check of the module component can lead to unauthorized access to the entire Routinator rsync cache, resulting in...
CVE-2026-49232
A flaw was found in Routinator. A remote attacker can exploit this vulnerability by opening a large number of connections to the HTTP or RTR Resource Public Key Infrastructure RPKI to Router server. This can cause Routinator to exit, leading to a Denial of Service DoS for affected services. This...
CVE-2026-49235
A flaw was found in Routinator. A remote attacker could exploit this vulnerability by providing a specially crafted Document Type Definition DTD file through the Relying Party RPKI Data Protocol RRDP. This could lead to Routinator crashing, resulting in a Denial of Service DoS for the affected...
GHSA-5QF9-CF9C-HJC6 Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
GHSA-33MJ-99MG-8G73 Routinator has cache path traversal when processing the module component of rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
Routinator has cache path traversal when processing the module component of rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49234
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49232
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49235
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
EUVD-2026-35065
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49235
CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...