UBUNTU-CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

CVE-2024-56170

Fort Validator (Fort) versions up to 1.6.4 prior to 2.0.0 contain a validation integrity issue in RPKI manifest handling. The root cause is that the system does not compare the up-to-dateness of the most recently fetched manifest against the cached one, allowing a rollback to a valid outdated man...

PT-2024-36728 · Fort +1 · Fort +1

Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier, up to but not including 2.0.0 Description: A validation integrity issue was discovered in the product. RPKI Relying Parties, such as Fort, are supposed to maintain a backup cache of the remote RPKI data, which...

PT-2024-36729 · Fort +1 · Fort +1

Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier, before 2.0.0 Description: A validation integrity issue was discovered in the product. RPKI manifests, which are listings of relevant files that clients are supposed to verify, contain the manifestNumber and...