Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI repository data. A remote attacker could possibly use this issue to cause FORT Validator to crash, resulting in a denial of service. (CVE-2024-45234, CVE-2024-45235, CVE-2024-45236, CVE-2024-45238, CVE-2024-45239) Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing resource certificates. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-45237) Koen van Hove discovered that FORT Validator did not limit the duration of data transfers when fetching RPKI repository data. A remote attacker could possibly use this issue to cause FORT Validator to consume excessive resources, resulting in a denial of service. (CVE-2024-48943)
Continue reading...
Continue reading...
