How severe is CVE-2021-43174?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-43174?

This is classified as CWE-1325, which is a common weakness in software security.

CVE-2021-43174 - HIGH Severity | CVSS 7.5

Vulnerability Description

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.

Related Vulnerabilities

CVE-2025-2240

HIGH

CVSS:7.5(High)

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates ...

CWE-13252025

CVE-2024-27796

HIGH

CVSS:8.1(High)

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.

CWE-13252024

CVE-2024-2511

MEDIUM

CVSS:5.9(Medium)

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to tr...

CWE-13252024

CVE-2024-27796

HIGH

CVSS:8.1(High)

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.

CWE-13252024

CVE-2025-2240

HIGH

CVSS:7.5(High)

CWE-13252025

CVE-2024-2511

MEDIUM

CVSS:5.9(Medium)

CWE-13252024