routinator
crates.io
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting routinator
- CVE-2021-43172 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.10.2 | 2021-11-09
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuo…
- CVE-2021-43174 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.10.2 | 2021-11-09
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routi…
- CVE-2022-3029 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.11.3 | 2022-09-13
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst ca…
- CVE-2023-39916 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 0.12.2 | 2023-09-13
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store …