Vulnerabilities > Nlnetlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-17 | CVE-2023-0158 | Unspecified vulnerability in Nlnetlabs Krill NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. | 7.5 |
| 2022-09-26 | CVE-2022-3204 | Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. | 7.5 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-01-21 | CVE-2020-19861 | Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1 When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. | 7.5 |
| 2022-01-21 | CVE-2020-19860 | Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1 When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. | 4.3 |
| 2021-11-09 | CVE-2021-43172 | Infinite Loop vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. | 5.0 |
| 2021-11-09 | CVE-2021-43173 | Resource Exhaustion vulnerability in multiple products In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. | 5.0 |
| 2021-11-09 | CVE-2021-43174 | Out-of-bounds Write vulnerability in multiple products NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. | 5.0 |
| 2021-09-21 | CVE-2021-41531 | Improper Input Validation vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. | 5.0 |