CVE-2024-33505: Heap buffer overflow in httpd
First published: Tue Nov 12 2024(Updated: )
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAnalyzer | >=7.4.0<=7.4.2 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.5 | |
| Fortinet FortiAnalyzer | >=7.0 | |
| Fortinet FortiAnalyzer | >=6.4 | |
| Fortinet FortiAnalyzer Cloud | >=7.4.1<=7.4.2 | |
| Fortinet FortiAnalyzer Cloud | >=7.2.1<=7.2.6 | |
| Fortinet FortiAnalyzer Cloud | >=7.0 | |
| Fortinet FortiAnalyzer Cloud | >=6.4 | |
| Fortinet FortiManager Cloud | >=7.0 | |
| Fortinet FortiManager Cloud | >=6.4 | |
| Fortinet FortiManager | >=7.4.0<=7.4.2 | |
| Fortinet FortiManager | >=7.4.1<=7.4.2 | |
| Fortinet FortiManager | >=7.2.0<=7.2.5 | |
| Fortinet FortiManager | >=7.2.1<=7.2.6 | |
| Fortinet FortiManager | >=7.0 | |
| Fortinet FortiManager | >=6.4 | |
| Fortinet FortiManager | >=6.2 | |
| Fortinet FortiManager | >=6.0 |
Remedy
Please upgrade to FortiAnalyzer version 7.4.3 or above Please upgrade to FortiAnalyzer version 7.2.6 or above Please upgrade to FortiManager version 7.4.3 or above Please upgrade to FortiManager version 7.2.6 or above Please upgrade to FortiAP-U version 7.0.4 or above Please upgrade to FortiClient (all) version 7.4.0 or above Please upgrade to FortiClient (all) version 7.2.5 or above Please upgrade to FortiClient (all) version 7.0.13 or above Please upgrade to FortiManager Cloud version 7.4.3 or above Please upgrade to FortiManager Cloud version 7.2.7 or above Please upgrade to FortiAP version 7.6.0 or above Please upgrade to FortiAP version 7.4.3 or above Please upgrade to FortiClientEMS version 7.2.7 or above Please upgrade to FortiAnalyzer Cloud version 7.4.3 or above Please upgrade to FortiAnalyzer Cloud version 7.2.7 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2024-33505
- agent/first-publish-date
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/title
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/weakness
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/7.4.0
- version/fortinet fortianalyzer/7.4.2
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.5
- version/fortinet fortianalyzer/7.0
- version/fortinet fortianalyzer/6.4
- canonical/fortinet fortianalyzer cloud
- version/fortinet fortianalyzer cloud/7.4.1
- version/fortinet fortianalyzer cloud/7.4.2
- version/fortinet fortianalyzer cloud/7.2.1
- version/fortinet fortianalyzer cloud/7.2.6
- version/fortinet fortianalyzer cloud/7.0
- version/fortinet fortianalyzer cloud/6.4
- canonical/fortinet fortimanager cloud
- version/fortinet fortimanager cloud/7.0
- version/fortinet fortimanager cloud/6.4
- canonical/fortinet fortimanager
- version/fortinet fortimanager/7.4.0
- version/fortinet fortimanager/7.4.2
- version/fortinet fortimanager/7.4.1
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.5
- version/fortinet fortimanager/7.2.1
- version/fortinet fortimanager/7.2.6
- version/fortinet fortimanager/7.0
- version/fortinet fortimanager/6.4
- version/fortinet fortimanager/6.2
- version/fortinet fortimanager/6.0