CVE-2020-29016: [FortiWeb] Stack-Based Buffer Overflow vulnerability using a crafted request
First published: Mon Jan 04 2021(Updated: )
A stack-based buffer overflow [CWE-121] vulnerability in FortiWeb may allow an unauthenticated attacker to overwrite the content of the stack and potentially execute arbitrary code by sending crafted HTTP requests with large request parameter values.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | <6.2.4 | |
| Fortinet FortiWeb | >=6.3.0<=6.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/last-modified-date
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2020-29016
- agent/weakness
- agent/author
- agent/title
- agent/severity
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.3.0
- version/fortinet fortiweb/6.3.5