Vulnerabilities > Nlnetlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2023-09-13 | CVE-2023-39914 | Unspecified vulnerability in Nlnetlabs Bcder NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. | 7.5 |
| 2023-09-13 | CVE-2023-39915 | Unspecified vulnerability in Nlnetlabs Routinator NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. | 7.5 |
| 2023-09-13 | CVE-2023-39916 | Path Traversal vulnerability in Nlnetlabs Routinator NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. | 6.5 |
| 2023-01-17 | CVE-2023-0158 | Unspecified vulnerability in Nlnetlabs Krill NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. | 7.5 |
| 2022-09-26 | CVE-2022-3204 | Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. | 7.5 |
| 2022-09-13 | CVE-2022-3029 | Unspecified vulnerability in Nlnetlabs Routinator In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. | 7.5 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-01-21 | CVE-2020-19861 | Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1 When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. | 7.5 |