Job Snijders

**Name of the Vulnerable Software and Affected Versions** Fort versions 1.6.4 and earlier, before 2.0.0 **Description** A validation integrity issue was discovered in the product. RPKI manifests, which are listings of relevant files that clients are supposed to verify, contain the `manifestNumber` and `thisUpdate` fields. These fields can be used to gauge the relevance of a given manifest when compared to other manifests. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest, making it prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation. **Recommendations** For Fort versions 1.6.4 and earlier, before 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider implementing additional validation checks to ensure the most recent version of a manifest is prioritized over other versions. Restrict access to outdated manifests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NLnet Labs Routinator versions prior to 0.10.0 **Description** The issue arises when an RPKI CA uses excessively large values in the max-length parameter within a ROA, causing NLnet Labs Routinator to produce an invalid RTR payload. This results in RTR clients, such as routers, rejecting the RPKI data set, which effectively disables Route Origin Validation. **Recommendations** For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of large values in the max-length parameter in ROAs to prevent the production of invalid RTR payloads until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OctoRPKI versions prior to 1.3.0 **Description** Any CA issuer in the RPKI can trick OctoRPKI into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network, for example AS 13335 - Cloudflare, prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. **Recommendations** For OctoRPKI versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTR sessions to minimize the risk of exploitation. Avoid using the `MaxLength` field in the VRP until the issue is resolved.