Lucene search
+L

24 matches found

Veracode
Veracode
added 2024/08/27 8:24 p.m.6 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field which Fort dereferences without sanitizing it first. Because...

7.5CVSS6.6AI score0.00481EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/08/27 8:22 p.m.18 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field which For...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/08/27 8:22 p.m.14 views

Denial Of Service (DOS)

Fort is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form which bypasses Fort's BER decoder. This...

7.5CVSS6.8AI score0.00452EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/08/24 11:15 p.m.28 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS0.00481EPSS
Exploits0References2
NVD
NVD
added 2024/08/24 11:15 p.m.30 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS0.00305EPSS
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.14 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.18 views

CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

7.5CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.14 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.4 views

DEBIAN-CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

7.5CVSS5.4AI score0.00452EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.22 views

CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

7.5CVSS5.9AI score0.00452EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.14 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS5.9AI score0.00481EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.19 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

7.5CVSS5.9AI score0.00305EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.14 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS5.9AI score0.00481EPSS
Exploits0References3
CVE
CVE
added 2024/08/24 12:0 a.m.61 views

CVE-2024-45235

Fort validator (prior to 1.6.3) is affected by CVE-2024-45235 due to processing an Authority Key Identifier extension in a resource certificate that lacks the keyIdentifier field, which can cause a crash and lead to Route Origin Validation unavailability and potentially compromised routing. Conne...

7.5CVSS6.9AI score0.00305EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/08/24 12:0 a.m.85 views

CVE-2024-45234

Fort validator (Fort) before 1.6.3 is affected by CVE-2024-45234 and related CVEs. A malicious RPKI repository descending from a trusted Trust Anchor can serve ROA/Manifest data with non-canonical signedAttrs, bypassing the BER/DER handling and causing a panic that can make Route Origin Validatio...

7.5CVSS7.2AI score0.00452EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/24 12:0 a.m.28 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/24 12:0 a.m.34 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

0.00481EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/24 12:0 a.m.31 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/24 12:0 a.m.26 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

0.00481EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.10 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.1AI score0.00481EPSS
Exploits0References1
Rows per page
Query Builder