CVE-2024-45239: n/a

Severity: High
Tags: Vulnerability, CVE-2024-45239, cve, cve-2024-45239
Published: Sat Aug 24 2024 (08/24/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

AI-Powered Analysis

Last updated: 11/03/2025, 21:45:57 UTC

Technical Analysis

CVE-2024-45239 is a vulnerability identified in Fort, an RPKI Relying Party software used to validate Route Origin Authorizations (ROAs) and Manifests in the Resource Public Key Infrastructure (RPKI) ecosystem. The issue arises when Fort processes data from a malicious RPKI repository that is descended from a trusted Trust Anchor. Specifically, the attacker can craft an ROA or Manifest containing a null eContent field, which Fort dereferences without first checking for null pointers (CWE-476: NULL Pointer Dereference). This leads to a crash of the Fort process. Since Fort is responsible for validating route origins to ensure that IP prefixes are announced only by authorized Autonomous Systems, its crash results in Route Origin Validation becoming unavailable. This unavailability can allow invalid or malicious BGP route announcements to propagate, potentially leading to traffic hijacking, interception, or denial of service. The vulnerability is remotely exploitable without authentication or user interaction, with a CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a high impact on availability but no direct confidentiality or integrity compromise. No public exploits are known yet, but the risk remains significant due to the critical role of RPKI in securing internet routing.
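
The following is an added illustration of the bug class described above, not Fort's source code or its actual fix. It assumes a decoder that represents the OPTIONAL eContent field of a CMS EncapsulatedContentInfo as a pointer that is NULL when the field is absent; all type and function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for decoder output; these are not Fort's types. */
struct octet_string { const uint8_t *buf; size_t size; };
struct encap_content_info {
    const char *content_type;       /* eContentType OID */
    struct octet_string *econtent;  /* eContent is OPTIONAL: NULL when absent */
};
enum econtent_status { ECONTENT_OK = 0, ECONTENT_ABSENT = -1, ECONTENT_EMPTY = -2 };

/* Unsafe pattern (the bug class described above): trusts the pointer. */
size_t econtent_size_unchecked(const struct encap_content_info *eci)
{
    return eci->econtent->size;  /* NULL dereference if eContent was omitted */
}

/* Hardened: report a status so the caller rejects the object and moves on. */
enum econtent_status econtent_get(const struct encap_content_info *eci,
                                  const uint8_t **out, size_t *out_len)
{
    if (eci == NULL || eci->econtent == NULL)
        return ECONTENT_ABSENT;
    if (eci->econtent->buf == NULL || eci->econtent->size == 0)
        return ECONTENT_EMPTY;
    *out = eci->econtent->buf;
    *out_len = eci->econtent->size;
    return ECONTENT_OK;
}

int main(void)
{
    static const uint8_t payload[] = { 0x30, 0x00 };  /* constructed sample bytes */
    struct octet_string os = { payload, sizeof payload };
    struct encap_content_info objs[] = {
        { "1.2.840.113549.1.9.16.1.24", &os },   /* ROA OID, eContent present */
        { "1.2.840.113549.1.9.16.1.24", NULL },  /* ROA OID, eContent omitted */
    };
    for (size_t i = 0; i < sizeof objs / sizeof objs[0]; i++) {
        const uint8_t *p = NULL;
        size_t n = 0;
        enum econtent_status rc = econtent_get(&objs[i], &p, &n);
        printf("object %zu: %s\n", i, rc == ECONTENT_OK ? "accepted" : "rejected");
    }
    return 0;
}
```

With the checked accessor, a signed object that omits eContent is rejected as a single invalid object and validation of the rest of the repository continues.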

Potential Impact

For European organizations, particularly ISPs, network operators, and critical infrastructure providers relying on Fort for RPKI validation, this vulnerability poses a significant risk. A crash in Fort can disable Route Origin Validation, undermining the security of BGP routing and increasing the risk of route hijacking or misrouting attacks. This can lead to traffic interception, service disruption, or loss of connectivity. Given the reliance on RPKI to prevent route leaks and hijacks, the unavailability of validation services can degrade trust in routing security and potentially impact large segments of internet traffic. The impact is especially critical for organizations managing large IP address spaces or those involved in internet backbone operations. Additionally, regulatory requirements in Europe around network security and resilience may increase the urgency to address this vulnerability promptly.

Mitigation Recommendations

The primary mitigation is to upgrade Fort to version 1.6.3 or later, where this null pointer dereference issue has been fixed. Organizations should implement strict validation and monitoring of RPKI repositories to detect malformed or suspicious ROAs and Manifests. Deploying redundancy for RPKI validation services can help maintain availability if one instance crashes. Network operators should also monitor BGP announcements for anomalies that may indicate routing attacks stemming from validation failures. Incorporating automated alerting for Fort process crashes or validation failures will enable rapid response. Additionally, applying network-level protections such as prefix filtering and route validation policies can reduce the impact of compromised route origin validation. Coordination with upstream providers and RPKI Trust Anchor operators to ensure repository integrity is also recommended.

Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2024-08-24T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6909214ffe7723195e054689

Added to database: 11/3/2025, 9:40:31 PM

Last enriched: 11/3/2025, 9:45:57 PM

Last updated: 11/4/2025, 2:24:24 AM
