Lucene search
+L

20 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

NLnet Labs Routinator 安全漏洞

NLnet Labs Routinator is an open-source RPKI routing origin validation service developed by NLnet Labs. There is a security vulnerability in NLnet Labs Routinator: the system exits when an error occurs during HTTP or RTR connections. Attackers can exploit this condition by opening a large number ...

8.7CVSS5.3AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.9 views

CVE-2020-17366

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...

7.4CVSS7.1AI score0.00747EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2021-43173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to...

7.5CVSS7.2AI score0.01434EPSS
Exploits0References3
Prion
Prion
added 2023/09/13 3:15 p.m.27 views

Input validation

NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...

5CVSS7.4AI score0.00592EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/13 2:20 p.m.44 views

CVE-2023-39915 Crashes on parsing certain invalid RPKI objects

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...

7.5CVSS7.8AI score0.00515EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/09/14 12:0 a.m.31 views

NLnet Labs Routinator has Reachable Assertion vulnerability

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files which are not correctly base 64 encoded are treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for...

7.5CVSS7.1AI score0.00748EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/09/13 4:15 p.m.34 views

CVE-2022-3029

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the...

7.5CVSS0.00748EPSS
Exploits0References1
OSV
OSV
added 2022/09/13 4:15 p.m.19 views

CVE-2022-3029

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the...

7.5CVSS7.5AI score0.00748EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 3:17 p.m.40 views

CVE-2022-3029 Fatal error on incorrect base64 data in RRDP

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the...

7.6AI score0.00748EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/01/05 12:0 a.m.29 views

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References5
OSV
OSV
added 2021/11/09 5:15 p.m.17 views

CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References3
Prion
Prion
added 2021/11/09 5:15 p.m.20 views

Design/Logic Flaw

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

5CVSS7.4AI score0.01434EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2021/11/09 5:15 p.m.20 views

CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

7.5CVSS7AI score0.01434EPSS
Exploits0References4
CVE
CVE
added 2021/11/09 4:41 p.m.78 views

CVE-2021-43174

CVE-2021-43174 affects NLnet Labs Routinator 0.9.0 up to and including 0.10.1. The issue arises when querying RRDP repositories that use gzip transfer encoding: RRDP’s XML data can include large amounts of whitespace, and gzip compression can massively shrink this whitespace, causing decompressed...

7.5CVSS7.6AI score0.01434EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/11/09 4:41 p.m.33 views

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

7.5CVSS7.5AI score0.01168EPSS
Exploits0
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.19 views

NLnet Labs Routinator 资源管理错误漏洞

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in the Rust language from Stichting NLnet Stichting Nlnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator that stems from improper design or implementation during code developme...

7.5CVSS7.3AI score0.01434EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.18 views

NLnet Labs Routinator 安全漏洞

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in Rust from Stichting NLnet Stichting Nlnet Labs in the Netherlands. NLnet Labs Routinator prior suffers from a security vulnerability that stems from the lack of an effective trust management mechanism in a...

7.5CVSS7.2AI score0.01434EPSS
Exploits0References2
CVE
CVE
added 2021/09/21 1:23 p.m.44 views

CVE-2021-41531

NLnet Labs Routinator (affected: versions prior to 0.10.0) contains a vulnerability where an invalid RTR payload is produced if a ROA’s max-length parameter value is too large for an RPKI CA. This causes RTR clients (e.g., routers) to reject the RPKI data set and effectively disables Route Origin...

7.5CVSS7.4AI score0.0093EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/21 1:23 p.m.24 views

CVE-2021-41531 Invalid RPKI data could disable Route Origin Validation on RTR clients.

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation...

7.6AI score0.0093EPSS
Exploits0References1
CVE
CVE
added 2020/08/05 9:7 p.m.46 views

CVE-2020-17366

NLnet Labs Routinator versions 0.1.0 through 0.7.1 are affected by a vulnerability that allows remote attackers to bypass access restrictions or cause denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation (ROA) files or X.509 Certificate Revoc...

7.4CVSS7.3AI score0.00747EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder