Nlnetlabs Routinator

12 CVEs affecting Nlnetlabs Routinator. Latest disclosed: 2026-06-08. Critical: 1, High: 11.

Top CVEs affecting Nlnetlabs Routinator
CVESeverityScorePublishedSummary
CVE-2023-39916Critical9.32023-09-13NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the op…
CVE-2026-49235High7.52026-06-08When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2026-49234High7.52026-06-08When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects use…
CVE-2026-49233High7.52026-06-08Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for…
CVE-2024-1622High7.52024-02-26Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
CVE-2023-39915High7.52023-09-13NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input chec…
CVE-2022-3029High7.52022-09-13In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base…
CVE-2021-43174High7.52021-11-09NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used…
CVE-2021-43173High7.52021-11-09In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to…
CVE-2021-43172High7.52021-11-09NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a…
CVE-2021-41531High7.52021-09-21NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to…
CVE-2020-17366High7.42020-08-05An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of…