Haya Schulmann

**Name of the Vulnerable Software and Affected Versions** Routinator (affected versions not specified) **Description** The issue arises from the initial code parsing the manifest not checking the content of file names, while later code assumes this check has been performed. When encountering illegal characters, the system panics, resulting in a crash of Routinator. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fort versions prior to 1.6.3 **Description** An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. **Recommendations** For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation. Avoid using non-canonical encoded signedAttrs in ROAs or Manifests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fort versions prior to 1.6.3 **Description** An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks the `keyIdentifier` field. Fort references this pointer without sanitizing it first, which can lead to a crash and make Route Origin Validation unavailable, resulting in compromised routing. **Recommendations** For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fort versions prior to 1.6.3 **Description** An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a signed object containing an empty `signedAttributes` field via rsync or RRDP. Fort accesses the set's elements without sanitizing it first, which can lead to a crash and Route Origin Validation unavailability, resulting in compromised routing. **Recommendations** For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fort versions prior to 1.6.3 **Description** An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a null eContent field via rsync or RRDP. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. **Recommendations** For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation. Avoid using the `eContent` field in the affected ROA or Manifest until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Fort versions prior to 1.6.3 Description: The issue is related to a buffer overflow in the stack due to improper sanitization of the length of a Key Usage extension in a resource certificate served by a malicious RPKI repository. This can allow a remote attacker to execute arbitrary code. A malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a Key Usage extension composed of more than two bytes of data, which Fort writes into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. Recommendations: For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository or disabling the use of resource certificates with Key Usage extensions until a patch is available. Avoid using the `Key Usage` extension in resource certificates served by RPKI repositories until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fort versions prior to 1.6.3 **Description** An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. **Recommendations** For versions prior to 1.6.3, upgrade to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation. Avoid using the `rsync` or `RRDP` protocols with untrusted repositories until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BIND versions prior to the fixed version **Description** The issue is related to the DNSSEC implementation in the DNS protocol, which can be exploited by remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses. This is known as the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records, which can lead to CPU exhaustion when there is a zone with many DNSKEY and RRSIG records. The estimated number of potentially affected devices worldwide is not specified. However, it is mentioned that this issue can potentially cause extended Internet outages by sending a single malicious packet that sends DNS servers into an unresolvable loop. **Recommendations** To resolve the issue, users should upgrade to a version of BIND that contains the fix for this vulnerability. As a temporary workaround, consider using a non-validating resolver to remove the vulnerability, although this is not recommended. Restrict access to the vulnerable DNSSEC validation module to minimize the risk of exploitation. Avoid using the `ValidatingResolver` for DNSSEC validation until the issue is resolved.