
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical security vulnerability (CVE-2024-45237) was discovered in Fort validator versions before 1.6.3. The vulnerability allows a malicious RPKI repository that descends from a trusted Trust Anchor to serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort copies this bit string into a 2-byte buffer without checking its length, leading to a buffer overflow (FORT CVE, NVD).
The vulnerability is classified as a buffer overflow (CWE-120): the Fort validator fails to check the size of input data before writing it to a fixed-size buffer. The CVSS v3.1 base score is 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating the highest severity level with network accessibility, low attack complexity, and no required privileges or user interaction (NVD).
Depending on compilation options, the vulnerability can lead to multiple severe consequences: system crashes resulting in Route Origin Validation unavailability, incorrect validation results, or arbitrary code execution. This poses significant risks to network routing security and stability (FORT CVE).
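The defect class described above, shown as an added illustrative example that is not Fort's code: a Key Usage BIT STRING defines only 9 bits, so its data fits in 2 bytes, and a parser must verify the encoded length before copying into such a buffer. The structure names, constants and sample inputs below are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative code, not Fort's. The Key Usage extension is an ASN.1
 * BIT STRING whose content octets are one "unused bits" count followed
 * by the bit data. Only 9 bits are defined, so the data fits in 2 bytes;
 * copying the data into a 2-byte buffer without checking the encoded
 * length is the defect class the advisory describes. */

#define KU_DATA_MAX 2            /* 9 defined bits -> at most 2 data bytes */

/* Bit positions from RFC 5280 section 4.2.1.3 (bit 0 is the MSB of byte 0). */
enum { KU_DIGITAL_SIGNATURE = 0, KU_KEY_CERT_SIGN = 5, KU_CRL_SIGN = 6 };

struct key_usage {
    uint8_t data[KU_DATA_MAX];
    size_t nbits;                /* number of valid bits in data[] */
};

/* Parse the content octets of a KeyUsage BIT STRING. Returns false on any
 * malformed or oversized encoding instead of writing past the buffer. */
bool ku_parse(const uint8_t *content, size_t content_len, struct key_usage *out)
{
    if (content == NULL || out == NULL || content_len < 1)
        return false;
    uint8_t unused = content[0];
    size_t data_len = content_len - 1;
    /* Length check first: its absence is what lets the 2-byte buffer overflow. */
    if (data_len == 0 || data_len > KU_DATA_MAX)
        return false;
    if (unused > 7)
        return false;            /* DER: unused-bit count must be 0..7 */
    memset(out, 0, sizeof *out);
    memcpy(out->data, content + 1, data_len);
    out->nbits = data_len * 8 - unused;
    return true;
}

/* Test a named Key Usage bit; bits beyond the encoded length read as 0. */
bool ku_has(const struct key_usage *ku, unsigned bit)
{
    if (bit >= ku->nbits)
        return false;
    return (ku->data[bit / 8] >> (7 - bit % 8)) & 1;
}

/* Constructed sample inputs (not taken from any real certificate). */
static const uint8_t ku_ca_ok[]   = { 0x01, 0x06 };             /* keyCertSign|cRLSign */
static const uint8_t ku_too_big[] = { 0x00, 0x06, 0x00, 0x00 }; /* 3 data bytes: reject */
```

A validator that rejects `ku_too_big` at this point fails the certificate cleanly instead of corrupting memory, which is the behaviour the fixed version restores.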
The vulnerability has been patched in Fort version 1.6.3 with commit 939d988. Users are strongly advised to upgrade to this version or later. For Debian 11 bullseye users, the fix is available in version 1.5.3-1~deb11u2 (Debian LTS).
Source: This report was generated using AI