10 matches found
CVE-2026-49235
A flaw was found in Routinator. A remote attacker could exploit this vulnerability by providing a specially crafted Document Type Definition DTD file through the Relying Party RPKI Data Protocol RRDP. This could lead to Routinator crashing, resulting in a Denial of Service DoS for the affected...
GHSA-5QF9-CF9C-HJC6 Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
Routinator crashes when encountering maliciously crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
EUVD-2026-35065
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
CVE-2026-49235
CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...
PT-2026-47304
Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when it encounters a file via RRDP Router Role Distribution Protocol that uses a specifically crafted Document Type Definition DTD, which is a set of markup declarations...
DEBIAN-CVE-2024-45234
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...
DEBIAN-CVE-2021-43174
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...
UBUNTU-CVE-2021-43174
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...
UBUNTU-CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...