CVE-2024-45236 in Fort
Summary
by MITRE • 08/25/2024
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
Analysis
by VulDB Data Team • 02/24/2025
The vulnerability described in CVE-2024-45236 represents a critical flaw in Fort software versions prior to 1.6.3 that specifically targets the RPKI (Resource Public Key Infrastructure) validation process. This issue arises within the context of RPKI relying parties that must process signed objects from trusted trust anchors, creating a scenario where a malicious actor could exploit the software's failure to properly sanitize input data. The vulnerability manifests when a malicious RPKI repository, which maintains a relationship with a trusted trust anchor, serves signed objects containing an empty signedAttributes field through either rsync or RRDP protocols. The fundamental technical flaw lies in Fort's improper handling of the signedAttributes set, where the software attempts to access elements without first validating or sanitizing the data structure. This memory access violation creates a potential crash condition that can be leveraged by attackers to disrupt the Route Origin Validation service, which forms a critical component of Internet routing security.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise the entire routing infrastructure of affected networks. As an RPKI relying party, Fort's primary function is to validate route origin information and ensure that routing announcements come from legitimate sources within the RPKI ecosystem. When Fort crashes due to processing the malformed signed object, it creates a denial of service condition that can render Route Origin Validation unavailable for the entire duration of the crash. This availability issue directly impacts the security posture of networks that depend on RPKI validation to prevent route hijacking and prefix injection attacks. The vulnerability's potential for causing widespread routing disruption makes it particularly dangerous in production environments where continuous network availability is critical. According to CWE standards, this represents a CWE-125: Out-of-bounds Read vulnerability that occurs due to improper input validation and sanitization of data structures.
The attack vector for this vulnerability involves an attacker maintaining control of a malicious RPKI repository that can establish a relationship with an existing trust anchor, which is a common scenario in RPKI deployments where repositories may be hosted by third parties or organizations with compromised security. The exploitation requires the attacker to craft a specific signed object with an empty signedAttributes field, which when processed by Fort, triggers the memory access error. This attack pattern aligns with ATT&CK techniques related to service disruption and availability attacks, specifically targeting infrastructure components that are fundamental to network security. The vulnerability demonstrates a failure in input validation that can be classified as a weakness in the software's defensive programming practices. Organizations relying on Fort for RPKI validation must understand that this issue can be exploited without requiring direct network access to the target system, as the malicious repository can exist anywhere in the RPKI chain and simply needs to be referenced by the relying party software.
Mitigation strategies for this vulnerability include immediate upgrade to Fort version 1.6.3 or later, which contains the necessary patches to properly sanitize the signedAttributes field before accessing its elements. Network administrators should also implement monitoring solutions that can detect unusual patterns in RPKI repository behavior and alert on malformed signed objects. Additionally, organizations should consider implementing redundant RPKI validation systems to provide failover capabilities in case one relying party becomes compromised. The fix implemented in Fort 1.6.3 addresses the root cause by introducing proper validation checks on the signedAttributes field before any element access occurs, preventing the out-of-bounds read condition that led to the crash. Security teams should also review their RPKI deployment configurations to ensure that only trusted repositories are being used and that proper certificate validation procedures are in place to prevent unauthorized repositories from being added to the trust chain. This vulnerability underscores the importance of robust input validation in security-critical software components and demonstrates how seemingly minor flaws in data handling can have significant operational consequences in Internet infrastructure systems.
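The check described above (validate the signedAttributes set before reading any element), shown as an added example; it is not code from Fort or from this advisory. The struct types, status codes and function name are hypothetical, and the sample input is constructed. Beyond the empty-set case it also rejects attributes with no values and sets lacking the content-type and message-digest attributes that RPKI signed objects require.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoded types (pointer array plus count, the layout ASN.1
 * compilers commonly emit for SET OF). These are not Fort's real types. */
struct attr { const char *oid; size_t value_count; };
struct attr_set { struct attr **array; int count; };

enum sa_status { SA_OK, SA_EMPTY, SA_BAD_ELEMENT, SA_MISSING_REQUIRED };

#define OID_CONTENT_TYPE   "1.2.840.113549.1.9.3"
#define OID_MESSAGE_DIGEST "1.2.840.113549.1.9.4"

/* Unchecked pattern (the bug class): assumes element 0 exists, so an
 * empty set is dereferenced:
 *     const char *first = set->array[0]->oid;
 */

/* Checked pattern: every condition is tested before an element is read. */
enum sa_status validate_signed_attrs(const struct attr_set *set)
{
    int have_ct = 0, have_md = 0;

    /* CMS defines SignedAttributes as SET SIZE (1..MAX) OF Attribute. */
    if (set == NULL || set->array == NULL || set->count < 1)
        return SA_EMPTY;
    for (int i = 0; i < set->count; i++) {
        const struct attr *a = set->array[i];
        if (a == NULL || a->oid == NULL || a->value_count == 0)
            return SA_BAD_ELEMENT;
        if (strcmp(a->oid, OID_CONTENT_TYPE) == 0)
            have_ct = 1;
        if (strcmp(a->oid, OID_MESSAGE_DIGEST) == 0)
            have_md = 1;
    }
    /* RPKI signed objects must carry content-type and message-digest. */
    return (have_ct && have_md) ? SA_OK : SA_MISSING_REQUIRED;
}

int main(void)
{
    /* Constructed sample: the empty set described in the advisory. */
    struct attr_set empty = { NULL, 0 };
    printf("empty signedAttrs -> status %d\n", validate_signed_attrs(&empty));
    return 0;
}
```

A validator that returns a status lets the caller reject the single object and continue the validation run, rather than terminating the relying party.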