Vulnerabilities > Nlnetlabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-03 | CVE-2024-8508 | Improper Validation of Specified Quantity in Input vulnerability in multiple products NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. | 5.3 |
2024-03-07 | CVE-2024-1931 | Infinite Loop vulnerability in multiple products NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. | 7.5 |
2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
2023-09-13 | CVE-2023-39914 | Unspecified vulnerability in Nlnetlabs Bcder 0.7.2 NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. | 7.5 |
2023-09-13 | CVE-2023-39915 | Unspecified vulnerability in Nlnetlabs Routinator NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. | 7.5 |
2023-09-13 | CVE-2023-39916 | Path Traversal vulnerability in Nlnetlabs Routinator NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. | 6.5 |
2023-01-17 | CVE-2023-0158 | Unspecified vulnerability in Nlnetlabs Krill NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. | 7.5 |
2022-09-26 | CVE-2022-3204 | Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. | 7.5 |
2022-09-13 | CVE-2022-3029 | Unspecified vulnerability in Nlnetlabs Routinator In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. | 7.5 |
2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |