NLnet Labs — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting NLnet Labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NLnet Labs operates as a non-profit research organization primarily focused on developing open-source software for the Domain Name System (DNS) and internet infrastructure. Its most prominent contribution is Unbound, a validating, recursive, and caching DNS resolver widely deployed for its emphasis on security and privacy. Historically, vulnerabilities associated with its software have predominantly involved memory corruption issues, such as buffer overflows and use-after-free errors, rather than application-layer flaws like cross-site scripting. These defects typically stem from low-level C code implementation details. While no catastrophic, widespread breaches have defined its public history, the presence of twenty recorded CVEs indicates ongoing challenges in maintaining strict memory safety within complex network protocols. The organization generally addresses these findings through prompt patches, reflecting a standard open-source maintenance lifecycle where technical rigor in cryptographic and network logic is prioritized over commercial feature expansion.

Top products by NLnet Labs: unbound, Routinator, Krill, bcder

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11411 | Possible domain hijacking via promiscuous records in the authority section | Unbound | CWE-349 | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-5994 | Cache poisoning via the ECS-enabled Rebirthday Attack | Unbound | CWE-349 | 5.3 | - | 2025-07-16 |
| CVE-2025-0638 | Routinator crashes when illegal characters are present in manifest file names | Routinator | CWE-1286 | 7.5 | High | 2025-01-22 |
| CVE-2024-8508 | Unbounded name compression could lead to Denial of Service | Unbound | CWE-606 | 5.3 | Medium | 2024-10-03 |
| CVE-2024-1931 | Denial of service when trimming EDE text on positive replies | Unbound | CWE-835 | 7.5 | High | 2024-03-07 |
| CVE-2024-1622 | Routinator terminates when RTR connection is reset too quickly after opening | Routinator | CWE-253 | 7.5 | High | 2024-02-26 |
| CVE-2023-39916 | Possible path traversal when storing RRDP responses | Routinator | CWE-35 | 9.3 | Critical | 2023-09-13 |
| CVE-2023-39915 | Crashes on parsing certain invalid RPKI objects | Routinator | CWE-232 | 7.5 | High | 2023-09-13 |
| CVE-2023-39914 | BER/CER/DER decoder panics on invalid input | bcder | CWE-232 | 7.5 | High | 2023-09-13 |
| CVE-2023-0158 | Triggered crash on direct RRDP access | Krill | CWE-248 | 6.5 | - | 2023-01-17 |
| CVE-2022-3204 | NRDelegation Attack | Unbound | - | 7.5 | - | 2022-09-26 |
| CVE-2022-3029 | Fatal error on incorrect base64 data in RRDP | Routinator | CWE-241 | 7.5 | - | 2022-09-13 |
| CVE-2022-30699 | Novel "ghost domain names" attack by updating almost expired delegation information | Unbound | - | 6.5 | - | 2022-08-01 |
| CVE-2022-30698 | Novel "ghost domain names" attack by introducing subdomain delegations | Unbound | - | 6.5 | - | 2022-08-01 |
| CVE-2021-43174 | gzip transfer encoding caused out-of-memory crash | Routinator | CWE-1325 | 7.5 | - | 2021-11-09 |
| CVE-2021-43173 | Hanging RRDP request | Routinator | CWE-755 | 7.5 | - | 2021-11-09 |
| CVE-2021-43172 | Infinite length chain of RRDP repositories | Routinator | CWE-674 | 7.5 | - | 2021-11-09 |
| CVE-2021-41531 | Invalid RPKI data could disable Route Origin Validation on RTR clients. | Routinator | CWE-1288 | 7.5 | - | 2021-09-21 |
| CVE-2020-28935 | Local symlink attack in Unbound and NSD | Unbound | CWE-59 | 7.8 | - | 2020-12-07 |
| CVE-2017-15105 | Unbound security vulnerability | unbound | CWE-358 | 5.3 | - | 2018-01-23 |

This page lists every published CVE security advisory associated with NLnet Labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.