CVE-2026-49235
- EPSS 0.36%
- Veröffentlicht 08.06.2026 12:59:09
- Zuletzt bearbeitet 12.06.2026 01:37:20
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2026-49234
- EPSS 0.26%
- Veröffentlicht 08.06.2026 12:58:58
- Zuletzt bearbeitet 12.06.2026 01:28:23
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
CVE-2026-49233
- EPSS 0.43%
- Veröffentlicht 08.06.2026 12:58:49
- Zuletzt bearbeitet 12.06.2026 01:33:56
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker ac...
CVE-2026-49232
- EPSS 0.33%
- Veröffentlicht 08.06.2026 12:58:37
- Zuletzt bearbeitet 09.06.2026 15:20:23
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connect...
CVE-2025-0638
- EPSS 0.46%
- Veröffentlicht 22.01.2025 16:15:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.
CVE-2024-1622
- EPSS 1%
- Veröffentlicht 26.02.2024 16:27:52
- Zuletzt bearbeitet 27.02.2025 03:05:58
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
CVE-2023-39915
- EPSS 0.52%
- Veröffentlicht 13.09.2023 15:15:07
- Zuletzt bearbeitet 21.11.2024 08:16:01
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
CVE-2023-39916
- EPSS 0.55%
- Veröffentlicht 13.09.2023 15:15:07
- Zuletzt bearbeitet 03.10.2025 10:15:33
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content o...
CVE-2022-3029
- EPSS 0.72%
- Veröffentlicht 13.09.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 07:18:40
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of ...
CVE-2021-43172
- EPSS 1.22%
- Veröffentlicht 09.11.2021 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:28:46
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously genera...