Search CVE reports
OctoRPKI does not escape a URI with a filename containing "..". This allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache...
2 affected packages
cfrpki, fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cfrpki | Not in release | Not affected | — | — |
fort-validator | Not affected | Not affected | Vulnerable | — |
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall...
4 affected packages
cfrpki, fort-validator, routinator, rpki-client
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cfrpki | Not in release | Not affected | — | — |
fort-validator | Not affected | Not affected | Vulnerable | — |
routinator | — | — | — | — |
rpki-client | Not affected | Not affected | — | — |
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By...
3 affected packages
cfrpki, fort-validator, rpki-client
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cfrpki | Not in release | Needs evaluation | — | — |
fort-validator | Not affected | Not affected | Not affected | — |
rpki-client | Not affected | Not affected | — | — |
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will cause RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
1 affected package
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
fort-validator | Not affected | Not affected | Not affected | — |