CVE-2020-29016

Published: Jan 14, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

Affected (2)

Products: Fortinet: Fortiweb

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiweb	Before 6.2.4
Fortinet Fortiweb	From 6.3.0 to 6.3.5

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.fortiguard.com/psirt/FG-IR-20-125

Source: psirt@fortinet.com

Vendor Advisory

https://www.fortiguard.com/psirt/FG-IR-20-125

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.