CVE-2021-22129

HIGH

FortiMail < 6.4.5 - Authenticated Buffer Overflow via Crafted HTTP Requests

Title source: llm
STIX 2.1

Description

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-023

Scores

CVSS v3 8.8
EPSS 0.0109
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
fortinet/fortimail < 5.4.12
Published Jul 09, 2021
Tracked Since Feb 18, 2026