Vulnerability Details CVE-2021-43114
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54
- https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5
- https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3
- https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa
- https://github.com/NICMx/FORT-validator/releases/tag/1.5.2
- https://www.debian.org/security/2021/dsa-5033
- https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54
- https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5
- https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3
- https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa
- https://github.com/NICMx/FORT-validator/releases/tag/1.5.2
- https://www.debian.org/security/2021/dsa-5033
Products affected by CVE-2021-43114
-
cpe:2.3:a:fort_validator_project:fort_validator:*
-
cpe:2.3:o:debian:debian_linux:11.0