An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nicmx.github.io/FORT-validator/CVE.html |
History
Wed, 28 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fort Validator Project
Fort Validator Project fort Validator |
|
CPEs | cpe:2.3:a:fort_validator_project:fort_validator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fort Validator Project
Fort Validator Project fort Validator |
|
Metrics |
ssvc
|
Tue, 27 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nicmx
Nicmx fort-validator |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nicmx
Nicmx fort-validator |
|
Metrics |
cvssV3_1
|
Sat, 24 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-24T00:00:00
Updated: 2024-08-28T16:19:41.361Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45236
Vulnrichment
Updated: 2024-08-28T16:19:31.507Z
NVD
Status : Analyzed
Published: 2024-08-24T23:15:04.187
Modified: 2024-08-27T15:48:05.687
Link: CVE-2024-45236
Redhat
No data.