USN-7813-1: FORT Validator vulnerabilities

Publication date

8 October 2025

Overview

Several security issues were fixed in FORT Validator.


Packages

Details

Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing certain RPKI repository data.
A remote attacker could possibly use this issue to cause FORT Validator to
crash, resulting in a denial of service. (CVE-2024-45234, CVE-2024-45235,
CVE-2024-45236, CVE-2024-45238, CVE-2024-45239)

Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing resource certificates. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2024-45237)

Koen van Hove discovered that FORT Validator did not limit the duration of
data transfers when fetching RPKI repository data. A remote attacker could
possibly use this issue to cause FORT Validator to consume excessive
resources, resulting in a denial of service. (CVE-2024-48943)


Update instructions

After a standard system update you need to restart FORT Validator to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release     Package          Version
24.04 LTS noble    fort-validator   1.6.1-1ubuntu0.1~esm2
22.04 LTS jammy    fort-validator   1.5.3-1ubuntu0.1
20.04 LTS focal    fort-validator   1.2.0-1ubuntu0.1~esm1
