An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nicmx.github.io/FORT-validator/CVE.html |
History
Wed, 28 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 27 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nicmx
Nicmx fort-validator |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nicmx
Nicmx fort-validator |
|
Metrics |
cvssV3_1
|
Sat, 24 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-24T00:00:00
Updated: 2024-08-28T16:15:08.001Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45234
Vulnrichment
Updated: 2024-08-28T16:15:03.787Z
NVD
Status : Analyzed
Published: 2024-08-24T23:15:04.037
Modified: 2024-08-27T15:45:44.560
Link: CVE-2024-45234
Redhat
No data.