CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:28

Type Values Removed Values Added
References () https://fortiguard.com/psirt/FG-IR-21-186 - Vendor Advisory () https://fortiguard.com/psirt/FG-IR-21-186 - Vendor Advisory

07 Nov 2023, 03:39

Type Values Removed Values Added
Summary Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Information

Published : 2023-02-16 19:15

Updated : 2024-11-21 06:28


NVD link : CVE-2021-42756

Mitre link : CVE-2021-42756

CVE.ORG link : CVE-2021-42756


JSON object : View

Products Affected

fortinet

  • fortiweb
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write