CVE-2020-29019

2021-01-1416:01:57

fortinet

www.cve.org

vulnerability

fortiweb

buffer overflow

remote attacker

crafted cookie.

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

62.2%

JSON

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.

CNA Affected

[
  {
    "product": "Fortinet FortiWeb",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4"
      }
    ]
  }
]

References

www.fortiguard.com/psirt/FG-IR-20-126