CVE-2024-45236

7.5 HIGH

📋 TL;DR

This vulnerability in FORT RPKI validator allows a malicious RPKI repository to crash the software by serving a signed object with an empty signedAttributes field. This leads to Route Origin Validation unavailability, potentially compromising BGP routing security. Organizations using FORT as an RPKI Relying Party are affected.

💻 Affected Systems

Products:
  • FORT RPKI validator
Versions: All versions before 1.6.3
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using FORT as an RPKI Relying Party that connect to RPKI repositories via rsync or RRDP protocols.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of Route Origin Validation leading to BGP hijacking attacks, route leaks, and compromised internet routing infrastructure.

🟠 Likely Case

Service disruption of the FORT validator causing temporary loss of RPKI validation until the service is restarted, potentially allowing malicious route announcements during the downtime.

🟢 If Mitigated

Limited service interruption with quick detection and restart; minimal routing impact due to redundancy or alternative validation mechanisms.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires control of a malicious RPKI repository that descends from a trusted Trust Anchor, which an attacker could potentially create or compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.3

Vendor Advisory: https://nicmx.github.io/FORT-validator/CVE.html

Restart Required: Yes

Instructions:

1. Download FORT 1.6.3 or later from the official repository.
2. Stop the FORT service.
3. Install/upgrade to the patched version.
4. Restart the FORT service.
5. Verify that the service is running correctly.

🔧 Temporary Workarounds

Repository filtering

linux

Configure FORT to connect only to trusted RPKI repositories and implement repository allowlisting.

# Configure repository allowlist in FORT configuration
# Example: fort --repository-trust=https://trusted-repo.example.com

🧯 If You Can't Patch

  • Implement redundant RPKI validation with alternative software (Routinator, rpki-client)
  • Monitor FORT process health and implement automatic restart on crash detection

🔍 How to Verify

Check if Vulnerable:

Check the FORT version with the 'fort --version' command; the installation is vulnerable if the reported version is lower than 1.6.3.

Check Version:

fort --version

Verify Fix Applied:

Verify that the reported version is 1.6.3 or higher, and monitor for crashes while RPKI objects are being processed.
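The version check above, as an added example that is not part of this advisory or of the FORT project: it pulls the first x.y.z number out of the 'fort --version' banner (the exact banner wording is an assumption, so only the number is relied upon) and compares it field by field against 1.6.3, which a plain string comparison would get wrong for releases such as 1.10.0.

```shell
#!/bin/sh
# Added example (not from the advisory or the FORT project): classify a FORT
# version banner as VULNERABLE, FIXED or UNKNOWN for CVE-2024-45236 (fixed in 1.6.3).

FIXED_VERSION="1.6.3"

# First x.y.z triple found in arbitrary text. The wording of the `fort --version`
# banner is an assumption, so nothing but the number is relied upon.
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Succeed (status 0) when version $1 is numerically lower than version $2,
# comparing major, minor and patch as integers (1.10.0 sorts after 1.6.3).
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1    # equal
}

# Print VULNERABLE, FIXED or UNKNOWN for a version banner; always exits 0.
classify_fort_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo UNKNOWN
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo VULNERABLE
    else
        echo FIXED
    fi
}

# Stand-alone use: the real banner when fort is installed, otherwise a constructed sample.
if command -v fort >/dev/null 2>&1; then
    banner=$(fort --version 2>&1 || true)
else
    banner="fort 1.6.2"    # constructed sample banner, not captured output
fi
printf '%s -> %s\n' "$banner" "$(classify_fort_banner "$banner")"
```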

📡 Detection & Monitoring

Log Indicators:

  • FORT process crashes
  • Segmentation fault errors in logs
  • RPKI validation service stopped unexpectedly

Network Indicators:

  • Unusual RPKI repository connections
  • Suspicious rsync/RRDP traffic patterns

SIEM Query:

process.name="fort" AND (event.action="crashed" OR (log.level="error" AND message="segmentation fault"))
