Vulnerabilities > Nlnetlabs

DATE CVE VULNERABILITY TITLE RISK
2021-09-21 CVE-2021-41531 Improper Input Validation vulnerability in Nlnetlabs Routinator
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA.
network
low complexity
nlnetlabs CWE-20
5.0
2021-04-27 CVE-2019-25041 Reachable Assertion vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-617
5.0
2021-04-27 CVE-2019-25039 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25034 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25032 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25042 Out-of-bounds Write vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
network
low complexity
nlnetlabs debian CWE-787
7.5
2021-04-27 CVE-2019-25040 Infinite Loop vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-835
5.0
2021-04-27 CVE-2019-25033 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25038 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
network
low complexity
nlnetlabs debian CWE-190
7.5
2021-04-27 CVE-2019-25037 Reachable Assertion vulnerability in multiple products
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
network
low complexity
nlnetlabs debian CWE-617
5.0