An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nicmx.github.io/FORT-validator/CVE.html |
History
Mon, 26 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fort Validator Project
Fort Validator Project fort Validator |
|
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:a:fort_validator_project:fort_validator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fort Validator Project
Fort Validator Project fort Validator |
|
Metrics |
cvssV3_1
|
Sat, 24 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-24T00:00:00
Updated: 2024-08-26T16:32:08.578Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45235
Vulnrichment
Updated: 2024-08-26T16:31:56.995Z
NVD
Status : Undergoing Analysis
Published: 2024-08-24T23:15:04.130
Modified: 2024-08-26T17:35:17.953
Link: CVE-2024-45235
Redhat
No data.