CVE-2020-29016

CRITICAL

FortiWeb < 6.2.4 and 6.3.0-6.3.5 - Unauthenticated Stack-Based Buffer Overflow via Large Certname

Title source: llm

Description

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and versions before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

References (1)

Vendor Advisory x_refsource_confirm
https://www.fortiguard.com/psirt/FG-IR-20-125

Scores

CVSS v3 9.8
EPSS 0.0218
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
fortinet/fortiweb < 6.2.4
Published Jan 14, 2021
Tracked Since Feb 18, 2026