186 matches found
CVE-2024-45237
Fort Validator (before 1.6.3) is affected by CVE-2024-45237 due to a buffer overflow when parsing a resource certificate with a Key Usage extension longer than two bytes from a malicious RPKI repository (via RSYNC/RRDP). Consequence: potential crash/denial of service of the validator. Affected pl...
CVE-2024-45235
Fort validator (prior to 1.6.3) is affected by CVE-2024-45235 due to processing an Authority Key Identifier extension in a resource certificate that lacks the keyIdentifier field, which can cause a crash and lead to Route Origin Validation unavailability and potentially compromised routing. Conne...
CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...
FORT Validator 安全漏洞
FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions prior to 1.6.3 that stems from dereferencing pointers...
FORT Validator 安全漏洞
FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from dereferencing a pointer without first cleaning it up...
PT-2024-9114
Name of the Vulnerable Software and Affected Versions: Fort versions prior to 1.6.3 Description: The issue is related to a buffer overflow in the stack due to improper sanitization of the length of a Key Usage extension in a resource certificate served by a malicious RPKI repository. This can all...
PT-2024-31494
Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a signed object containing an empty signedAttributes field via rsync or RRDP. Fort...
PT-2024-31495
Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a bit string that doesn't properly decode into a...
PT-2024-31493
Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks t...
PT-2024-31492
Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...
CVE-2024-45238
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...
CVE-2024-45235
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...
CVE-2024-45235
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...
CVE-2024-45238
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...
CVE-2024-45237
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...
FORT Validator 安全漏洞
FORT Validator is an RPKI dependency and RTR server from NICMx Open Source. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from not properly cleaning up string lengths, resulting in a buffer overflow...
CVE-2024-45238
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...
CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...
CVE-2024-45234
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...
CVE-2024-45239
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...