5 matches found
EUVD-2024-41380
Malicious code in bioql PyPI...
CVE-2024-56170
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...
CVE-2024-56169
Fort Validator (Fort) versions up to 1.6.4 are affected by a validation integrity issue where the backup cache is only used to save bandwidth, and there is no viable fallback if a fetch fails or yields incorrect files. This leads to incomplete route-origin validation data. Upgrading to 2.0.0 or l...
NULL Pointer Dereference
Fort is vulnerable to NULL Pointer Dereference. The vulnerability arises because a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. When compiled wi...
CVE-2024-45234
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...