VYPR

Fort

by Fort

CVEs (8)

  • CVE-2024-45237CriAug 24, 2024
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a…

  • CVE-2024-45239HigAug 24, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is…

  • CVE-2024-45238HigAug 24, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this…

  • CVE-2024-45236HigAug 24, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because…

  • CVE-2024-45235HigAug 24, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this…

  • CVE-2024-45234HigAug 24, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in…

  • CVE-2024-56170MedDec 18, 2024
    risk 0.34cvss 5.3epss 0.00

    A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other…

  • CVE-2024-56169MedDec 18, 2024
    risk 0.34cvss 5.3epss 0.00

    A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However,…