CVE-2024-45235

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3

Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first, which can lead to a crash and make Route Origin Validation unavailable, resulting in compromised routing.

Recommendations For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPKI repository to minimize the risk of exploitation.