A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-095 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-23-095 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-095 - Vendor Advisory |
20 Jun 2023, 19:37
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fortinet fortiproxy
Fortinet Fortinet fortios |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| CPE | cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
|
| CWE | CWE-824 | |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-23-095 - Vendor Advisory |
13 Jun 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-13 09:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-29178
Mitre link : CVE-2023-29178
CVE.ORG link : CVE-2023-29178
JSON object : View
Products Affected
fortinet
- fortiproxy
- fortios
CWE
CWE-824
Access of Uninitialized Pointer