{"id":"USN-7813-1","summary":"fort-validator vulnerabilities","details":"Niklas Vogel and Haya Schulmann discovered that FORT Validator did not\nperform proper input validation when parsing certain RPKI repository data.\nA remote attacker could possibly use this issue to cause FORT Validator to\ncrash, resulting in a denial of service. (CVE-2024-45234, CVE-2024-45235,\nCVE-2024-45236, CVE-2024-45238, CVE-2024-45239)\n\nNiklas Vogel and Haya Schulmann discovered that FORT Validator did not\nperform proper input validation when parsing resource certificates. A\nremote attacker could possibly use this issue to cause a denial of service\nor execute arbitrary code. (CVE-2024-45237)\n\nKoen van Hove discovered that FORT Validator did not limit the duration of\ndata transfers when fetching RPKI repository data. A remote attacker could\npossibly use this issue to cause FORT Validator to consume excessive\nresources, resulting in a denial of service. (CVE-2024-48943)","modified":"2026-02-10T04:50:11Z","published":"2025-10-08T13:47:06Z","related":["UBUNTU-CVE-2024-45234","UBUNTU-CVE-2024-45235","UBUNTU-CVE-2024-45236","UBUNTU-CVE-2024-45237","UBUNTU-CVE-2024-45238","UBUNTU-CVE-2024-45239","UBUNTU-CVE-2024-48943"],"upstream":["CVE-2024-45234","CVE-2024-45235","CVE-2024-45236","CVE-2024-45237","CVE-2024-45238","CVE-2024-45239","CVE-2024-48943","UBUNTU-CVE-2024-45234","UBUNTU-CVE-2024-45235","UBUNTU-CVE-2024-45236","UBUNTU-CVE-2024-45237","UBUNTU-CVE-2024-45238","UBUNTU-CVE-2024-45239","UBUNTU-CVE-2024-48943"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7813-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45234"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45235"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45236"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45237"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45238"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45239"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-48943"}],"affected":[{"package":{"name":"fort-validator","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/fort-validator@1.2.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-1ubuntu0.1~esm1"}]}],"versions":["1.1.1-2","1.1.2-1","1.1.3-1","1.2.0-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.2.0-1ubuntu0.1~esm1","binary_name":"fort-validator"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2024-45234","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45235","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45236","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45237","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45238","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45239","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-48943","severity":[{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7813-1.json"}},{"package":{"name":"fort-validator","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/fort-validator@1.5.3-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3-1ubuntu0.1"}]}],"versions":["1.5.1-1","1.5.2-1","1.5.3-1","1.5.3-1build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.5.3-1ubuntu0.1","binary_name":"fort-validator"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2024-45234","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45235","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45236","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45237","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45238","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45239","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-48943","severity":[{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7813-1.json"}},{"package":{"name":"fort-validator","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/fort-validator@1.6.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.1-1ubuntu0.1~esm2"}]}],"versions":["1.5.4-1","1.6.1-1","1.6.1-1build2","1.6.1-1build3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.6.1-1ubuntu0.1~esm2","binary_name":"fort-validator"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2024-45234","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45235","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45236","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45237","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45238","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-45239","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-48943","severity":[{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7813-1.json"}}],"schema_version":"1.7.3"}