3 matches found
CVE-2024-56375
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...
CVE-2024-45234
Fort validator (Fort) before 1.6.3 is affected by CVE-2024-45234 and related CVEs. A malicious RPKI repository descending from a trusted Trust Anchor can serve ROA/Manifest data with non-canonical signedAttrs, bypassing the BER/DER handling and causing a panic that can make Route Origin Validatio...
CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...