EUVD-2021-2309

Malware in sbrugna...

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

Input validation

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174

CVE-2021-43174 affects NLnet Labs Routinator 0.9.0 up to and including 0.10.1. The issue arises when querying RRDP repositories that use gzip transfer encoding: RRDP’s XML data can include large amounts of whitespace, and gzip compression can massively shrink this whitespace, causing decompressed...

CVE-2021-43174 gzip transfer encoding caused out-of-memory crash

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...