Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-45236

Опубликовано: 24 авг. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:*
Версия до 1.6.3 (исключая)

EPSS

Процентиль: 41%
0.00188
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2024-45236

CVSS3: 7.5
ubuntu
больше 1 года назад

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

debian логотип

CVE-2024-45236

CVSS3: 7.5
debian
больше 1 года назад

An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...

github логотип

GHSA-v5cx-w2w4-m488

CVSS3: 7.5
github
больше 1 года назад

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

EPSS

Процентиль: 41%
0.00188
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-20