Lucene search
NLnet LabsCVELIST:CVE-2021-43174HistoryNov 09, 2021 - 4:41 p.m.
CVE-2021-43174 gzip transfer encoding caused out-of-memory crash
2021-11-0916:41:41
CWE-1325
NLnet Labs
www.cve.org
6
routinator
out-of-memory crash
rrdp
xml
gzip transfer encoding
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.
CNA Affected
[
{
"product": "Routinator",
"vendor": "NLnet Labs",
"versions": [
{
"lessThanOrEqual": "0.10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Input validation
2021-11-09 17:15:00
cve
cve
CVE-2021-43174
2021-11-09 17:15:07
github
github
Memory exhaustion in routinator
2021-11-11 00:55:08
debiancve
debiancve
CVE-2021-43174
2021-11-09 17:15:07
nvd
nvd
CVE-2021-43174
2021-11-09 17:15:07
ubuntucve
ubuntucve
CVE-2021-43174
2021-11-09 00:00:00
osv
osv
CVE-2021-43172
2021-11-09 17:15:07
Routinator infinite loop vulnerability
2022-05-24 19:20:05
CVE-2021-43173
2021-11-09 17:15:07
freebsd
freebsd
routinator -- multiple vulnerabilities
2021-11-09 00:00:00
nessus
nessus
FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)
2022-01-05 00:00:00
Debian DSA-5041-1 : cfrpki - security update
2022-01-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5041-1)
2022-01-12 00:00:00
debian
debian
[SECURITY] [DSA 5041-1] cfrpki security update
2022-01-11 21:54:05