Nlnetlabs Routinator
12 CVEs affecting Nlnetlabs Routinator. Latest disclosed: 2026-06-08. Critical: 1, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39916 | Critical | 9.3 | 2023-09-13 | NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the op… |
| CVE-2026-49235 | High | 7.5 | 2026-06-08 | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. |
| CVE-2026-49234 | High | 7.5 | 2026-06-08 | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects use… |
| CVE-2026-49233 | High | 7.5 | 2026-06-08 | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for… |
| CVE-2024-1622 | High | 7.5 | 2024-02-26 | Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. |
| CVE-2023-39915 | High | 7.5 | 2023-09-13 | NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input chec… |
| CVE-2022-3029 | High | 7.5 | 2022-09-13 | In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base… |
| CVE-2021-43174 | High | 7.5 | 2021-11-09 | NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used… |
| CVE-2021-43173 | High | 7.5 | 2021-11-09 | In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to… |
| CVE-2021-43172 | High | 7.5 | 2021-11-09 | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a… |
| CVE-2021-41531 | High | 7.5 | 2021-09-21 | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to… |
| CVE-2020-17366 | High | 7.4 | 2020-08-05 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of… |