CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1622 – Routinator terminates when RTR connection is reset too quickly after opening
https://notcve.org/view.php?id=CVE-2024-1622
26 Feb 2024 — Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. Debido a un error en la verificación de errores, Routinator finalizará cuando el interlocutor restablezca una conexión RTR entrante demasiado rápido después de abrirla. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF • CWE-253: Incorrect Check of Function Return Value •
CVSS: 7.8EPSS: 29%CPEs: 21EXPL: 3CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
13 Feb 2024 — Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a ataca... • https://github.com/knqyf263/CVE-2023-50387 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39916 – Possible path traversal when storing RRDP responses
https://notcve.org/view.php?id=CVE-2023-39916
13 Sep 2023 — NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. Routinator... • https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39915 – Crashes on parsing certain invalid RPKI objects
https://notcve.org/view.php?id=CVE-2023-39915
13 Sep 2023 — NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914. El Routinator de NLnet Labs hasta la versión 0.12.1 incluida puede fallar al intentar analizar ciertos objetos RPKI con formato incorrecto. Esto se debe a una verificación de entrada insuficiente en la biblioteca bder cubierta por CVE-2023-39914. NLnet Labs' Routinator up to and including version 0.... • https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-232: Improper Handling of Undefined Values CWE-240: Improper Handling of Inconsistent Structural Elements •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39914 – BER/CER/DER decoder panics on invalid input
https://notcve.org/view.php?id=CVE-2023-39914
13 Sep 2023 — NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. La biblioteca bder de NLnet Labs hasta la versión 0.7.2 incluida entra en pánico al decodificar ciertos datos de entrada no válidos en lugar de rechazar los datos con un error. Esto puede afectar tanto a la etapa de decodificación real como... • https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-232: Improper Handling of Undefined Values CWE-240: Improper Handling of Inconsistent Structural Elements •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0158 – Triggered crash on direct RRDP access
https://notcve.org/view.php?id=CVE-2023-0158
17 Jan 2023 — NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availabi... • https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3204 – NRDelegation Attack
https://notcve.org/view.php?id=CVE-2022-3204
26 Sep 2022 — A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unrespo... • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3029 – Fatal error on incorrect base64 data in RRDP
https://notcve.org/view.php?id=CVE-2022-3029
13 Sep 2022 — In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data. En NLnet Labs Routi... • https://www.nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30699 – Novel "ghost domain names" attack by updating almost expired delegation information
https://notcve.org/view.php?id=CVE-2022-30699
01 Aug 2022 — NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30698 – Novel "ghost domain names" attack by introducing subdomain delegations
https://notcve.org/view.php?id=CVE-2022-30698
01 Aug 2022 — NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new de... • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html • CWE-613: Insufficient Session Expiration •