{"id":"CVE-2024-45235","details":"An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.","modified":"2026-04-12T10:53:08.291093Z","published":"2024-08-24T23:15:04.130Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00030.html"},{"type":"ADVISORY","url":"https://nicmx.github.io/FORT-validator/CVE.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nicmx/fort-validator","events":[{"introduced":"0"},{"fixed":"554c5fa738791173dbf8261d68b4515708fc70ce"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.3"}]}}],"versions":["1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","v0.0.2","v1.0.0","v1.1.0","v1.1.1","v1.2.0","v1.2.1","v1.3.0","v1.4.0","v1.5.0","v1.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45235.json","vanir_signatures":[{"digest":{"line_hashes":["147889449138784577634602238466759049575","269493755503718693970132359291416060958","183467428597507957592080802613304264921","327584951224570290483511414756764349834"],"threshold":0.9},"deprecated":false,"target":{"file":"src/print_file.c"},"source":"https://github.com/nicmx/fort-validator/commit/554c5fa738791173dbf8261d68b4515708fc70ce","signature_version":"v1","id":"CVE-2024-45235-02f74911","signature_type":"Line"},{"digest":{"line_hashes":["50989219936941618529196440800405028605","68482305505019198037374393097522654354","245080040670023987538169387390987987000","24442718220132759855911218662021834770"],"threshold":0.9},"deprecated":false,"target":{"file":"test/tal_test.c"},"source":"https://github.com/nicmx/fort-validator/commit/554c5fa738791173dbf8261d68b4515708fc70ce","signature_version":"v1","id":"CVE-2024-45235-5bd24603","signature_type":"Line"},{"digest":{"line_hashes":["244406567224100079130832236358206550568","192874625895839078802782519432191710424","8368202350100797008376123573611711471","187673777030990722610105519276335209648"],"threshold":0.9},"deprecated":false,"target":{"file":"test/types/uri_test.c"},"source":"https://github.com/nicmx/fort-validator/commit/554c5fa738791173dbf8261d68b4515708fc70ce","signature_version":"v1","id":"CVE-2024-45235-6cef58de","signature_type":"Line"},{"digest":{"line_hashes":["117657757624396647050250919369354447007","238967847734869426782602542933290486653","231970757348571404241512985359370383534","66094430273658645673717399424594708253"],"threshold":0.9},"deprecated":false,"target":{"file":"test/mock.c"},"source":"https://github.com/nicmx/fort-validator/commit/554c5fa738791173dbf8261d68b4515708fc70ce","signature_version":"v1","id":"CVE-2024-45235-6e166c3c","signature_type":"Line"},{"digest":{"length":548,"function_hash":"262246466360906216192910747803551172805"},"deprecated":false,"target":{"function":"rsync2bio_tmpdir","file":"src/print_file.c"},"source":"https://github.com/nicmx/fort-validator/commit/554c5fa738791173dbf8261d68b4515708fc70ce","signature_version":"v1","id":"CVE-2024-45235-99bea718","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-12T10:53:08Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}