Vulnerabilities > Nlnetlabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-07 | CVE-2024-1931 | Infinite Loop vulnerability in multiple products NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. | 7.5 |
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2023-09-13 | CVE-2023-39914 | Unspecified vulnerability in Nlnetlabs Bcder 0.7.2 NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. | 7.5 |
| 2023-09-13 | CVE-2023-39915 | Unspecified vulnerability in Nlnetlabs Routinator NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. | 7.5 |
| 2023-01-17 | CVE-2023-0158 | Unspecified vulnerability in Nlnetlabs Krill NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. | 7.5 |
| 2022-09-26 | CVE-2022-3204 | Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. | 7.5 |
| 2022-09-13 | CVE-2022-3029 | Unspecified vulnerability in Nlnetlabs Routinator In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. | 7.5 |
| 2022-01-21 | CVE-2020-19861 | Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1 When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. | 7.5 |
| 2021-11-09 | CVE-2021-43172 | Infinite Loop vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. | 7.5 |
| 2021-11-09 | CVE-2021-43173 | Resource Exhaustion vulnerability in multiple products In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. | 7.5 |