CVE-2024-45237: n/a
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.
AI Analysis
Technical Summary
CVE-2024-45237 is a critical security vulnerability in Fort, a software component used for RPKI (Resource Public Key Infrastructure) validation, affecting versions prior to 1.6.3. The vulnerability is triggered when Fort processes a resource certificate from a malicious RPKI repository that descends from a trusted Trust Anchor. Specifically, the malicious repository can serve a resource certificate containing a Key Usage extension with more than two bytes of data. Fort writes this extension into a fixed-size 2-byte buffer without checking or sanitizing its length, producing a classic buffer overflow (CWE-120). The overflow can be triggered remotely via the standard RPKI distribution protocols, rsync or RRDP, without authentication or user interaction. It could allow an attacker to execute arbitrary code, cause a denial of service, or compromise the confidentiality and integrity of the system running Fort. The CVSS v3.1 base score of 9.8 reflects the critical severity: the attack vector is network-based, no privileges are required, and no user interaction is needed. Although no exploits have been reported in the wild yet, the vulnerability presents a severe risk given the widespread use of Fort in RPKI validation, which is critical for securing internet routing infrastructure. It underscores the importance of robust input validation and secure coding practices in security-critical software components.
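As an added illustration (hypothetical code written for this analysis, not Fort's own source), the following C parser shows the bounds check the advisory describes as missing: the DER-encoded KeyUsage BIT STRING is copied into a 2-byte flag buffer only after its length has been validated, and over-long or malformed encodings are rejected with an error instead of being written past the buffer. It assumes short-form DER lengths (content shorter than 128 bytes), which is all a well-formed KeyUsage ever needs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* X.509 KeyUsage (RFC 5280) is a DER BIT STRING: tag 0x03, a length byte,
 * one "unused bits" byte, then the flag bytes. Nine flags are defined, so
 * at most two flag bytes are meaningful, hence the fixed 2-byte buffer. */
enum {
    KU_OK = 0,
    KU_ERR_TAG = -1,       /* not a BIT STRING */
    KU_ERR_LENGTH = -2,    /* length byte inconsistent with the input */
    KU_ERR_TOO_SHORT = -3, /* no unused-bits byte present */
    KU_ERR_TOO_LONG = -4,  /* flag bytes would overflow the 2-byte buffer */
    KU_ERR_PADDING = -5    /* unused-bits byte greater than 7 */
};

struct key_usage {
    uint8_t flags[2];      /* fixed-size buffer, the size at issue in CVE-2024-45237 */
    uint8_t unused_bits;
};

/* Parse a complete KeyUsage TLV of der_len bytes into ku. Hypothetical API. */
int keyusage_parse(const uint8_t *der, size_t der_len, struct key_usage *ku)
{
    if (der_len < 2 || der[0] != 0x03)
        return KU_ERR_TAG;
    size_t content_len = der[1];                 /* short-form length only */
    if (content_len >= 0x80 || content_len != der_len - 2)
        return KU_ERR_LENGTH;
    if (content_len < 1)
        return KU_ERR_TOO_SHORT;
    if (content_len - 1 > sizeof(ku->flags))     /* the missing length check */
        return KU_ERR_TOO_LONG;
    if (der[2] > 7)
        return KU_ERR_PADDING;
    ku->unused_bits = der[2];
    memset(ku->flags, 0, sizeof(ku->flags));
    memcpy(ku->flags, der + 3, content_len - 1); /* bounded: at most 2 bytes */
    return KU_OK;
}

/* Test a flag by its RFC 5280 bit number (0 = digitalSignature,
 * 5 = keyCertSign, 6 = cRLSign, 8 = decipherOnly); bit 0 is the MSB of flags[0]. */
int keyusage_has(const struct key_usage *ku, unsigned bit)
{
    if (bit > 8)
        return 0;
    return (ku->flags[bit / 8] >> (7 - bit % 8)) & 1;
}
```

The constructed input `03 02 01 06` is the usual CA encoding (keyCertSign and cRLSign); an input declaring five content bytes is rejected before any copy takes place.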
Potential Impact
For European organizations, the impact of CVE-2024-45237 can be significant, particularly for internet service providers (ISPs), network operators, and infrastructure providers that rely on Fort for RPKI validation to secure BGP routing. Exploitation could lead to arbitrary code execution on critical routing validation servers, potentially allowing attackers to disrupt routing security, cause denial of service, or pivot into internal networks. This could undermine the integrity and availability of internet routing, leading to traffic interception, rerouting, or outages. Given the critical role of RPKI in preventing route hijacking and BGP attacks, a compromise could have cascading effects on network trust and stability across Europe. Organizations involved in national or regional internet infrastructure, cloud providers, and large enterprises with direct internet peering are particularly at risk. Because no authentication or user interaction is required, the attack is feasible for remote adversaries, which broadens the set of potential attackers. The vulnerability also poses risks to the confidentiality of routing validation data and potentially sensitive operational information.
Mitigation Recommendations
To mitigate CVE-2024-45237, European organizations using Fort should immediately upgrade to version 1.6.3 or later where the vulnerability is patched. If immediate patching is not possible, organizations should implement network-level controls to restrict access to RPKI repositories, especially those not fully trusted or verified. Deploying strict validation and filtering of RPKI data sources can reduce exposure to malicious repositories. Monitoring network traffic for unusual rsync or RRDP activity and implementing anomaly detection on RPKI update patterns can help detect exploitation attempts. Organizations should also review and harden the security posture of servers running Fort, including applying least privilege principles, isolating RPKI validation services, and enabling logging and alerting for suspicious behavior. Collaboration with RPKI Trust Anchor operators to ensure repository integrity and timely revocation of compromised repositories is recommended. Finally, organizations should stay informed on vendor advisories and threat intelligence updates related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2024-08-24T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6909214ffe7723195e054681
Added to database: 11/3/2025, 9:40:31 PM
Last enriched: 11/3/2025, 9:46:32 PM
Last updated: 11/5/2025, 1:02:13 PM