An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-21-049 | Patch Vendor Advisory |
https://fortiguard.com/advisory/FG-IR-21-049 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.1 |
References | () https://fortiguard.com/advisory/FG-IR-21-049 - Patch, Vendor Advisory |
Information
Published : 2021-12-08 13:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-26109
Mitre link : CVE-2021-26109
CVE.ORG link : CVE-2021-26109
JSON object : View
Products Affected
fortinet
- fortios
CWE
CWE-190
Integer Overflow or Wraparound