Known Vulnerabilities for products from Nlnetlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nlnetlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-39916 json | NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, o... | 6.5 - MEDIUM | 2023-09-13 | 2023-09-19 |
| CVE-2023-39915 json | NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. Th... | 7.5 - HIGH | 2023-09-13 | 2023-09-15 |
| CVE-2023-39914 json | NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than re... | 7.5 - HIGH | 2023-09-13 | 2023-09-15 |
| CVE-2023-0158 json | NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoin... | 7.5 - HIGH | 2023-01-17 | 2023-01-24 |
| CVE-2022-30699 json | NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The... | 6.5 - MEDIUM | 2022-08-01 | 2023-11-07 |
| CVE-2022-30698 json | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The ... | 6.5 - MEDIUM | 2022-08-01 | 2023-11-07 |
| CVE-2022-3204 json | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving s... | 7.5 - HIGH | 2022-09-26 | 2023-11-07 |
| CVE-2022-3029 json | In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delt... | 7.5 - HIGH | 2022-09-13 | 2023-11-07 |
| CVE-2021-43174 json | NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP reposi... | 7.5 - HIGH | 2021-11-09 | 2022-04-04 |
| CVE-2021-43173 json | In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answerin... | 7.5 - HIGH | 2021-11-09 | 2022-08-09 |
| CVE-2021-43172 json | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never f... | 7.5 - HIGH | 2021-11-09 | 2022-04-25 |
| CVE-2021-41531 json | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length para... | 7.5 - HIGH | 2021-09-21 | 2021-10-05 |
| CVE-2020-28935 json | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a loca... | 5.5 - MEDIUM | 2020-12-07 | 2023-03-29 |
| CVE-2020-19861 json | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from... | 7.5 - HIGH | 2022-01-21 | 2022-10-05 |
| CVE-2020-19860 json | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnera... | 6.5 - MEDIUM | 2022-01-21 | 2022-01-27 |
| CVE-2020-17366 json | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access re... | 7.4 - HIGH | 2020-08-05 | 2023-01-27 |
| CVE-2020-12663 json | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 - HIGH | 2020-05-19 | 2023-11-07 |
| CVE-2020-12662 json | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by ran... | 7.5 - HIGH | 2020-05-19 | 2023-11-07 |
| CVE-2020-10772 json | An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414... | 7.5 - HIGH | 2020-11-27 | 2023-11-07 |
| CVE-2019-25042 json | ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor dispu... | 9.8 - CRITICAL | 2021-04-27 | 2023-11-07 |
Known software with vulnerabilities from Nlnetlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nlnetlabs | Ldns | 0.50 |
| Application | Nlnetlabs | Name Server Daemon | 1.0.2 |
| Application | Nlnetlabs | Nsd | 3.0.0 |
| Application | Nlnetlabs | Routinator | 0.1.0 |
| Application | Nlnetlabs | Unbound | - |