Fort Validator
CVE-2024-45239
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
AnalysisAI
An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. Affected products include: Nicmx Fort-Validator. Version information: before 1.6.3..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
More in Fort Validator
View allAn issue was discovered in Fort before 1.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. Rated high severity (CVSS 7.5), this vulnerabi
An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. Rated high severity (
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. Rated medium severity (CVSS 5.3), this v
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. Rated medium severity (CVSS 5.3), this v
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today