CVE-2021-22129
published 2021-07-09CVE-2021-22129: Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | <= 5.4.12 | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | >= 5.6.1 < 6.0.11 | 6.0.11 |
| fortinet | fortimail | >= 6.2.0 < 6.2.7 | 6.2.7 |
| fortinet | fortimail | >= 6.4.0 < 6.4.5 | 6.4.5 |
| fortinet | fortindr | — | — |
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortimail | — | — |