CVE-2021-43114
HIGH
fort_validator < 1.5.2 - Denial of Service via X.509 EE Certificate Parsing
Title source: llm
Description
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will cause RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
References (6)
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5033
Patch, Release Notes, Third Party Advisory
https://github.com/NICMx/FORT-validator/releases/tag/1.5.2
Scores
CVSS v3: 7.5
EPSS: 0.0109
EPSS Percentile: 61.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
Status: published
Products (2)
debian/debian_linux 11.0
fort_validator_project/fort_validator < 1.5.2
Published: Nov 09, 2021
Tracked Since: Feb 18, 2026