Vulnerabilities > Nlnetlabs

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2020-19861 Classic Buffer Overflow vulnerability in Nlnetlabs Ldns 1.7.1
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file.
network
low complexity
nlnetlabs CWE-120
5.0
2022-01-21 CVE-2020-19860 Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability.
network
nlnetlabs CWE-125
4.3
2021-11-09 CVE-2021-43172 Infinite Loop vulnerability in Nlnetlabs Routinator
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run.
network
low complexity
nlnetlabs CWE-835
5.0
2021-11-09 CVE-2021-43173 Improper Handling of Exceptional Conditions vulnerability in multiple products
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive.
network
low complexity
nlnetlabs debian CWE-755
5.0
2021-11-09 CVE-2021-43174 Out-of-bounds Write vulnerability in multiple products
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories.
network
low complexity
nlnetlabs debian CWE-787
5.0
2021-09-21 CVE-2021-41531 Improper Input Validation vulnerability in Nlnetlabs Routinator
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA.
network
low complexity
nlnetlabs CWE-20
5.0
2021-04-27 CVE-2019-25041 Reachable Assertion vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-617
5.0
2021-04-27 CVE-2019-25039 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25034 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25032 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
network
low complexity
nlnetlabs debian CWE-190
7.5