CVE-2024-45234

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45234
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nicmx.github.io/FORT-validator/CVE.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:*
History

27 Aug 2024, 15:45

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:*
First Time Nicmx fort-validator
Nicmx
References () https://nicmx.github.io/FORT-validator/CVE.html - () https://nicmx.github.io/FORT-validator/CVE.html - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

26 Aug 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Fort antes de la versión 1.6.3. Un repositorio RPKI malicioso que desciende de un ancla de confianza (confiable) puede servir (a través de rsync o RRDP) un ROA o un manifiesto que contenga atributos firmados codificados en forma no canónica. Esto evita el decodificador BER de Fort, llegando a un punto en el código que entra en pánico cuando se enfrenta a datos no codificados en DER. Debido a que Fort es una parte de confianza de RPKI, un pánico puede provocar que la validación del origen de la ruta no esté disponible, lo que puede comprometer el enrutamiento.

24 Aug 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-24 23:15

Updated : 2024-08-27 15:45

NVD link : CVE-2024-45234

Mitre link : CVE-2024-45234

CVE.ORG link : CVE-2024-45234

JSON object : View

Products Affected

nicmx

  • fort-validator
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024