CVE-2021-43114 — Improper Certificate Validation in Validator Project Fort Validator

CWE-295 — Improper Certificate Validation CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nicmx Fort-validator Fort Validator Project Fort Validator Debian Linux

Timeline

PublishedNov 9

Latest updateMay 24

Description

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDfort_validator_project/fort_validator< 1.5.2

▶Debiannicmx/fort-validator< 1.5.3-1~deb11u1+3

Also affects: Debian Linux 11.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2wgw-4x82-63xq: FORT Validator versions prior to 1↗2022-05-24

▶

CVEList

CVE-2021-43114: FORT Validator versions prior to 1↗2021-11-09

▶

OSV

CVE-2021-43114: FORT Validator versions prior to 1↗2021-11-09

▶

📋Vendor Advisories

Debian

CVE-2021-43114: fort-validator - FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.5...↗2021

▶