CVE-2024-56375

Published Dec 22, 2024

Last updated 2 months ago

CVSS high 7.5

Overview

Description
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-191
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-191

Social media

Hype score
Not currently trending

  1. CVE-2024-56375 (CVSS:7.5, HIGH) is Awaiting Analysis. An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from..https://t.co/p0J818ClEe #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    27 Dec 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    25 Dec 2024

    128 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-56375 Integer Underflow in Fort Before 1.6.5 Causes Infinite Loop Fort versions 1.6.3 and 1.6.4, before 1.6.5, have an integer underflow vulnerability. A harmful RPKI repository linked to a Trust Anchor ... https://t.co/nPwlh4gIf7

    @VulmonFeeds

    22 Dec 2024

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-56375 An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync… https://t.co/SQkrGJ6h7r

    @CVEnew

    22 Dec 2024

    640 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References