FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
11982747-544c-11ee-ac3e-a04a5edf46d9	routinator -- multiple vulnerabilities NLnet Labs report: This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience. The first issue, CVE-2022-39915, can lead to Routinator crashing when trying to decode certain illegal RPKI objects. The second issue, CVE-2022-39916, only affects users that have the rrdp-keep-responses option enabled which allows storing all received RRDP responses on disk. Because the file name for these responses is derived from the URI and the path wasn't checked properly, a RRDP URI could be constructed that results in the response stored outside the directory, possibly overwriting existing files. Discovery 2022-12-08 Entry 2023-09-16 routinator < 0.12.2 CVE-2022-39915 https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt CVE-2022-39916 https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt
9c990e67-6e30-11ec-82db-b42e991fc52e	routinator -- multiple vulnerabilities nlnetlabs reports: Release 0.10.2 contains fixes for the following issues: Medium CVE-2021-43172: Infinite length chain of RRDP repositories. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43173: Hanging RRDP request. Credit: Koen van Hove. Date: 2021-11-09 Medium CVE-2021-43174: gzip transfer encoding caused out-of-memory crash. Credit Koen van Hove. Date: 2021-11-09 Discovery 2021-11-09 Entry 2022-01-05 routinator < 0.10.1 CVE-2021-43172 CVE-2021-43173 CVE-2021-43174 https://nlnetlabs.nl/projects/rpki/security-advisories/

VuXML ID

Description

11982747-544c-11ee-ac3e-a04a5edf46d9

routinator -- multiple vulnerabilities

NLnet Labs report:

This release fixes two issues in Routinator that can be exploited remotely by rogue RPKI CAs and repositories. We therefore advise all users of Routinator to upgrade to this release at their earliest convenience.

The first issue, CVE-2022-39915, can lead to Routinator crashing when trying to decode certain illegal RPKI objects.

The second issue, CVE-2022-39916, only affects users that have the rrdp-keep-responses option enabled which allows storing all received RRDP responses on disk. Because the file name for these responses is derived from the URI and the path wasn't checked properly, a RRDP URI could be constructed that results in the response stored outside the directory, possibly overwriting existing files.

Discovery 2022-12-08
Entry 2023-09-16
routinator

< 0.12.2

CVE-2022-39915
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt
CVE-2022-39916
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt

9c990e67-6e30-11ec-82db-b42e991fc52e

routinator -- multiple vulnerabilities

nlnetlabs reports:

Release 0.10.2 contains fixes for the following issues:

Medium CVE-2021-43172: Infinite length chain of RRDP repositories. Credit: Koen van Hove. Date: 2021-11-09

Medium CVE-2021-43173: Hanging RRDP request. Credit: Koen van Hove. Date: 2021-11-09

Medium CVE-2021-43174: gzip transfer encoding caused out-of-memory crash. Credit Koen van Hove. Date: 2021-11-09

Discovery 2021-11-09
Entry 2022-01-05
routinator

< 0.10.1

CVE-2021-43172
CVE-2021-43173
CVE-2021-43174
https://nlnetlabs.nl/projects/rpki/security-advisories/