CVE-2021-22129 - Classic Buffer Overflow in Fortinet FortiMail
Severity
8.8 HIGH (NVD)
EPSS
0.5% (top 36.25%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 9
Latest update: May 24
Description
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages (2 packages)
Vulnerability Details (2)
GHSA
GHSA-4466-79c6-7gv2: Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6... (2022-05-24)
CVE List
CVE-2021-22129: Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6... (2021-07-09)
Vendor Advisories (1)
Fortinet
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail befo... (2021-07-09)