An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
                
References
| Link | Providers |
|---|---|
| https://nicmx.github.io/FORT-validator/CVE.html | |
History
Tue, 22 Apr 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Nicmx Nicmx fort Validator | |
| CPEs | cpe:2.3:a:nicmx:fort_validator:*:*:*:*:*:*:*:* | |
| Vendors & Products | Nicmx Nicmx fort Validator | |
Mon, 26 Aug 2024 16:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Fort Validator Project Fort Validator Project fort Validator | |
| Weaknesses | CWE-476 | |
| CPEs | cpe:2.3:a:fort_validator_project:fort_validator:*:*:*:*:*:*:*:* | |
| Vendors & Products | Fort Validator Project Fort Validator Project fort Validator | |
| Metrics | cvssV3_1 | |
Sat, 24 Aug 2024 22:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |
| References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-24T00:00:00
Updated: 2024-08-26T16:09:33.187Z
Reserved: 2024-08-24T00:00:00
Link: CVE-2024-45238
Vulnrichment
Updated: 2024-08-26T16:09:26.421Z
NVD
Status: Analyzed
Published: 2024-08-24T23:15:04.303
Modified: 2025-04-22T16:24:40.680
Link: CVE-2024-45238
Redhat
No data.