Vulnerabilities > Nlnetlabs

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-8508 Improper Validation of Specified Quantity in Input vulnerability in multiple products
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for.
network
low complexity
nlnetlabs debian CWE-1284
5.3
2024-03-07 CVE-2024-1931 Infinite Loop vulnerability in multiple products
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop.
network
low complexity
nlnetlabs fedoraproject CWE-835
7.5
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2023-09-13 CVE-2023-39914 Unspecified vulnerability in Nlnetlabs Bcder 0.7.2
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error.
network
low complexity
nlnetlabs
7.5
2023-09-13 CVE-2023-39915 Unspecified vulnerability in Nlnetlabs Routinator
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects.
network
low complexity
nlnetlabs
7.5
2023-09-13 CVE-2023-39916 Path Traversal vulnerability in Nlnetlabs Routinator
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests.
network
low complexity
nlnetlabs CWE-22
6.5
2023-01-17 CVE-2023-0158 Unspecified vulnerability in Nlnetlabs Krill
NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint.
network
low complexity
nlnetlabs
7.5
2022-09-26 CVE-2022-3204 Resource Exhaustion vulnerability in multiple products
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software.
network
low complexity
nlnetlabs fedoraproject CWE-400
7.5
2022-09-13 CVE-2022-3029 Unspecified vulnerability in Nlnetlabs Routinator
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit.
network
low complexity
nlnetlabs
7.5
2022-08-01 CVE-2022-30698 Insufficient Session Expiration vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack.
network
low complexity
nlnetlabs fedoraproject CWE-613
6.5