CVE-2023-41678: Double free in cache management
First published: Tue Dec 12 2023(Updated: )
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WebKit | ||
| Microsoft Power Platform | ||
| Azure Logic Apps | ||
| Microsoft Windows | ||
| Adobe Prelude | ||
| Adobe Illustrator 2024 | ||
| Adobe InDesign 2025 | ||
| Adobe Dimension | ||
| Adobe Experience Manager | ||
| Adobe Substance 3D Stager | ||
| Adobe Substance 3D Sampler | ||
| Adobe After Effects 2025 | ||
| Trimble ProDesign 3D | ||
| Android | ||
| SAP Business Technology Platform | ||
| Bamboo | ||
| Atlassian Bitbucket | ||
| Atlassian Jira | ||
| Atlassian Confluence Server/Data Center | ||
| Atlassian Confluence Server and Data Server | ||
| Apache Struts | ||
| VMware Workspace ONE Launcher | ||
| FortiOS | ||
| FortiGuard FortiPAM | ||
| FortiOS | =7.0.0 | |
| FortiOS | =7.0.1 | |
| FortiOS | =7.0.2 | |
| FortiOS | =7.0.3 | |
| FortiOS | =7.0.4 | |
| FortiOS | =7.0.5 | |
| FortiGuard FortiPAM | =1.0.0 | |
| FortiGuard FortiPAM | =1.0.1 | |
| FortiGuard FortiPAM | =1.0.2 | |
| FortiGuard FortiPAM | =1.0.3 | |
| FortiGuard FortiPAM | =1.1.0 | |
| FortiGuard FortiPAM | =1.1.1 |
Remedy
Please upgrade to FortiOS version 7.2.0 or above Please upgrade to FortiOS version 7.0.6 or above Please upgrade to FortiOS version 6.4.15 or above Please upgrade to FortiPAM version 1.2.0 or above Please upgrade to FortiPAM version 1.1.2 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2023-41678?
CVE-2023-41678 is rated as critical due to its potential for unauthorized code execution.
How do I fix CVE-2023-41678?
To mitigate CVE-2023-41678, upgrade to a patched version of FortiOS or FortiPAM as recommended by Fortinet.
What systems are affected by CVE-2023-41678?
CVE-2023-41678 affects Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.1.1.
What type of vulnerability is CVE-2023-41678?
CVE-2023-41678 is a double free vulnerability, which is classified under CWE-415.
Can CVE-2023-41678 be exploited remotely?
Yes, CVE-2023-41678 can be exploited remotely through specially crafted requests.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/title
- agent/severity
- agent/description
- collector/fortiguard-psirt
- source/FortiGuard
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/fortiguard-psirt-latest
- alias/CVE-2023-41678
- agent/trending
- agent/event
- agent/source
- zeroday/true
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- vendor/apple
- canonical/webkit
- vendor/microsoft
- canonical/microsoft power platform
- canonical/azure logic apps
- canonical/microsoft windows
- vendor/adobe
- canonical/adobe prelude
- canonical/adobe illustrator 2024
- canonical/adobe indesign 2025
- canonical/adobe dimension
- canonical/adobe experience manager
- canonical/adobe substance 3d stager
- canonical/adobe substance 3d sampler
- canonical/adobe after effects 2025
- canonical/trimble prodesign 3d
- vendor/google
- canonical/android
- vendor/sap
- canonical/sap business technology platform
- vendor/atlassian
- canonical/bamboo
- canonical/atlassian bitbucket
- canonical/atlassian jira
- canonical/atlassian confluence server/data center
- canonical/atlassian confluence server and data server
- vendor/cisco
- canonical/apache struts
- vendor/vmware
- canonical/vmware workspace one launcher
- vendor/fortiguard
- canonical/fortios
- canonical/fortiguard fortipam
- vendor/fortinet
- version/fortios/7.0.0
- version/fortios/7.0.1
- version/fortios/7.0.2
- version/fortios/7.0.3
- version/fortios/7.0.4
- version/fortios/7.0.5
- version/fortiguard fortipam/1.0.0
- version/fortiguard fortipam/1.0.1
- version/fortiguard fortipam/1.0.2
- version/fortiguard fortipam/1.0.3
- version/fortiguard fortipam/1.1.0
- version/fortiguard fortipam/1.1.1