Lucene search
K

186 matches found

CVE
CVE
added 2024/08/24 12:0 a.m.80 views

CVE-2024-45237

Fort Validator (before 1.6.3) is affected by CVE-2024-45237 due to a buffer overflow when parsing a resource certificate with a Key Usage extension longer than two bytes from a malicious RPKI repository (via RSYNC/RRDP). Consequence: potential crash/denial of service of the validator. Affected pl...

9.8CVSS7.1AI score0.00356EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/08/24 12:0 a.m.61 views

CVE-2024-45235

Fort validator (prior to 1.6.3) is affected by CVE-2024-45235 due to processing an Authority Key Identifier extension in a resource certificate that lacks the keyIdentifier field, which can cause a crash and lead to Route Origin Validation unavailability and potentially compromised routing. Conne...

7.5CVSS6.9AI score0.00305EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.10 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

6.8AI score0.00481EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/24 12:0 a.m.3 views

FORT Validator 安全漏洞

FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions prior to 1.6.3 that stems from dereferencing pointers...

7.5CVSS6.3AI score0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/24 12:0 a.m.4 views

FORT Validator 安全漏洞

FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from dereferencing a pointer without first cleaning it up...

7.5CVSS6.3AI score0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-9114

Name of the Vulnerable Software and Affected Versions: Fort versions prior to 1.6.3 Description: The issue is related to a buffer overflow in the stack due to improper sanitization of the length of a Key Usage extension in a resource certificate served by a malicious RPKI repository. This can all...

10CVSS7.7AI score0.00481EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-31494

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a signed object containing an empty signedAttributes field via rsync or RRDP. Fort...

9.8CVSS6.8AI score0.00481EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.3 views

PT-2024-31495

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a bit string that doesn't properly decode into a...

9.8CVSS6.6AI score0.00481EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-31493

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks t...

9.8CVSS6.7AI score0.00481EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-31492

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...

9.8CVSS6.9AI score0.00481EPSS
Exploits0References34
OSV
OSV
added 2024/08/24 12:0 a.m.13 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS6.6AI score0.00305EPSS
Exploits0References4
OSV
OSV
added 2024/08/24 12:0 a.m.13 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

7.5CVSS6.6AI score0.00305EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.13 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

6.8AI score0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.11 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

6.8AI score0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.11 views

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

7.1AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/24 12:0 a.m.3 views

FORT Validator 安全漏洞

FORT Validator is an RPKI dependency and RTR server from NICMx Open Source. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from not properly cleaning up string lengths, resulting in a buffer overflow...

9.8CVSS6.7AI score0.00356EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.31 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS5.3AI score0.00305EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.11 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS5.3AI score0.00481EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.15 views

CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

7.5CVSS5.4AI score0.00452EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.26 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS5.3AI score0.00481EPSS
Exploits0
Rows per page
Query Builder