An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nicmx.github.io/FORT-validator/CVE.html |
History
Tue, 27 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nicmx
Nicmx fort-validator |
|
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nicmx
Nicmx fort-validator |
|
Metrics |
cvssV3_1
|
Mon, 26 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 24 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-24T00:00:00
Updated: 2024-08-26T13:39:29.539Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45239
Vulnrichment
Updated: 2024-08-26T13:39:25.371Z
NVD
Status : Analyzed
Published: 2024-08-24T23:15:04.353
Modified: 2024-08-27T15:49:31.417
Link: CVE-2024-45239
Redhat
No data.