13 matches found
EUVD-2021-30119
Malicious code in bioql PyPI...
EUVD-2023-12248
Malicious code in bioql PyPI...
CVE-2023-0158 Triggered crash on direct RRDP access
NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...
FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...
Inconsistent Validation
NLnet Labs Routinato has inconsistent validation. A validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value f...
CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
CVE-2021-43174
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...
Design/Logic Flaw
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
CVE-2021-43172
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...
CVE-2021-43173
CVE-2021-43173 concerns NLnet Labs Routinator prior to 0.10.2. A validation run can be stalled by an RRDP repository that slowly drip-feeds bytes, exploiting the misapplied timeout (applied to individual reads/writes, not the whole request). This can cause validation to be delayed for so long tha...
GHSA-Q76J-58CX-WP5V Vulnerability in RPKI manifest validation
A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...
Vulnerability in RPKI manifest validation
A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...