crates.io package
routinator
pkg:cargo/routinator
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39916 | — | | | >= 0.9.0, < 0.12.2 | 0.12.2 | Sep 13, 2023 | NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP |
| CVE-2022-3029 | — | | | >= 0.9.0, < 0.11.3 | 0.11.3 | Sep 13, 2022 | In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial o |
| CVE-2021-43174 | — | | | >= 0.9.0, < 0.10.2 | 0.10.2 | Nov 9, 2021 | NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitra |
| CVE-2021-43172 | — | | | < 0.10.2 | 0.10.2 | Nov 9, 2021 | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only |