nvd-json-data-feeds/CVE-2024/CVE-2024-452xx/CVE-2024-45239.json

{
  "id": "CVE-2024-45239",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-08-24T23:15:04.353",
  "lastModified": "2024-08-27T15:49:31.417",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Fort antes de la versi\u00f3n 1.6.3. Un repositorio RPKI malicioso que desciende de un Trust Anchor (confiable) puede servir (a trav\u00e9s de rsync o RRDP) un ROA o un Manifiesto que contenga un campo de contenido electr\u00f3nico nulo. Fort elimina la referencia al puntero sin desinfectarlo primero. Debido a que Fort es una parte de confianza de RPKI, una falla puede provocar que la validaci\u00f3n del origen de la ruta no est\u00e9 disponible, lo que puede comprometer el enrutamiento."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:nicmx:fort-validator:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "1.6.3",
              "matchCriteriaId": "1B6DF9BD-7BC4-4AFF-8E93-6810EC99D678"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://nicmx.github.io/FORT-validator/CVE.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
Auto-Update: 2024-08-24T23:55:17.472549+00:00 2024-08-24 23:58:14 +00:00			`{`
			`"id": "CVE-2024-45239",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2024-08-24T23:15:04.353",`
Auto-Update: 2024-08-27T16:00:17.994817+00:00 2024-08-27 16:03:16 +00:00			`"lastModified": "2024-08-27T15:49:31.417",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-08-24T23:55:17.472549+00:00 2024-08-24 23:58:14 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."`
Auto-Update: 2024-08-26T14:00:18.005633+00:00 2024-08-26 14:03:14 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Se descubri\u00f3 un problema en Fort antes de la versi\u00f3n 1.6.3. Un repositorio RPKI malicioso que desciende de un Trust Anchor (confiable) puede servir (a trav\u00e9s de rsync o RRDP) un ROA o un Manifiesto que contenga un campo de contenido electr\u00f3nico nulo. Fort elimina la referencia al puntero sin desinfectarlo primero. Debido a que Fort es una parte de confianza de RPKI, una falla puede provocar que la validaci\u00f3n del origen de la ruta no est\u00e9 disponible, lo que puede comprometer el enrutamiento."
Auto-Update: 2024-08-24T23:55:17.472549+00:00 2024-08-24 23:58:14 +00:00			`}`
			`],`
Auto-Update: 2024-08-27T16:00:17.994817+00:00 2024-08-27 16:03:16 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-476"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:nicmx:fort-validator::::::::",`
			`"versionEndExcluding": "1.6.3",`
			`"matchCriteriaId": "1B6DF9BD-7BC4-4AFF-8E93-6810EC99D678"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-08-24T23:55:17.472549+00:00 2024-08-24 23:58:14 +00:00			`"references": [`
			`{`
			`"url": "https://nicmx.github.io/FORT-validator/CVE.html",`
Auto-Update: 2024-08-27T16:00:17.994817+00:00 2024-08-27 16:03:16 +00:00			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2024-08-24T23:55:17.472549+00:00 2024-08-24 23:58:14 +00:00			`}`
			`]`
			`}`