Known Vulnerabilities for products from Nlnetlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nlnetlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43174 | NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP reposi... | 7.5 - HIGH | 2021-11-09 | 2022-04-04 |
| CVE-2021-43173 | In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answerin... | 7.5 - HIGH | 2021-11-09 | 2022-08-09 |
| CVE-2021-43172 | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never f... | 7.5 - HIGH | 2021-11-09 | 2022-04-25 |
| CVE-2021-41531 | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length para... | 7.5 - HIGH | 2021-09-21 | 2021-10-05 |
| CVE-2020-28935 | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a loca... | 5.5 - MEDIUM | 2020-12-07 | 2023-03-29 |
| CVE-2020-19861 | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from... | 7.5 - HIGH | 2022-01-21 | 2022-10-05 |
| CVE-2020-19860 | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnera... | 6.5 - MEDIUM | 2022-01-21 | 2022-01-27 |
| CVE-2020-17366 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access re... | 7.4 - HIGH | 2020-08-05 | 2023-01-27 |
| CVE-2020-12663 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 - HIGH | 2020-05-19 | 2023-11-07 |
| CVE-2020-12662 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by ran... | 7.5 - HIGH | 2020-05-19 | 2023-11-07 |
| CVE-2020-10772 | An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414... | 7.5 - HIGH | 2020-11-27 | 2023-11-07 |
| CVE-2019-25042 | ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor dispu... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
| CVE-2019-25041 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor dis... | 7.5 - HIGH | 2021-04-27 | 2023-11-07 |
| CVE-2019-25040 | ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor dispute... | 7.5 - HIGH | 2021-04-27 | 2023-11-07 |
| CVE-2019-25039 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor dis... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
| CVE-2019-25038 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
| CVE-2019-25037 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet... | 7.5 - HIGH | 2021-04-27 | 2023-11-07 |
| CVE-2019-25036 | ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disput... | 7.5 - HIGH | 2021-04-27 | 2023-11-07 |
| CVE-2019-25035 | ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that thi... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
| CVE-2019-25034 | ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bound... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
Known software with vulnerabilities from Nlnetlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nlnetlabs | Ldns | 0.50 |
| Application | Nlnetlabs | Name Server Daemon | 1.0.2 |
| Application | Nlnetlabs | Nsd | 3.0.0 |
| Application | Nlnetlabs | Routinator | 0.1.0 |
| Application | Nlnetlabs | Unbound | - |