CVE-2020-29016: [FortiWeb] Stack-Based Buffer Overflow vulnerability using a crafted request
First published: Mon Jan 04 2021(Updated: )
A stack-based buffer overflow [CWE-121] vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | <6.2.4 | |
| Fortinet FortiWeb | >=6.3.0<=6.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-29016?
CVE-2020-29016 has a high severity due to its potential for arbitrary code execution from a stack-based buffer overflow.
How do I fix CVE-2020-29016?
To mitigate CVE-2020-29016, update FortiWeb to a version above 6.2.4 or between 6.3.0 and 6.3.5.
Who is affected by CVE-2020-29016?
CVE-2020-29016 affects FortiWeb versions below 6.2.4 and between 6.3.0 and 6.3.5.
What type of vulnerability is CVE-2020-29016?
CVE-2020-29016 is a stack-based buffer overflow vulnerability categorized under CWE-121.
Can CVE-2020-29016 be exploited remotely?
Yes, CVE-2020-29016 can be exploited by unauthenticated attackers via crafted HTTP requests.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2020-29016
- agent/title
- agent/description
- agent/trending
- agent/tags
- agent/source
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.3.0
- version/fortinet fortiweb/6.3.5