vulnerability

Ubuntu: USN-7813-1 (CVE-2024-45238): FORT Validator vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Oct 8, 2025	Oct 10, 2025	Oct 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Oct 8, 2025

Added

Oct 10, 2025

Modified

Oct 10, 2025

Description

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

Solution

ubuntu-pro-upgrade-fort-validator

References

CVE-2024-45238
https://attackerkb.com/topics/CVE-2024-45238
CWE-476
UBUNTU-USN-7813-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today