CVE-2021-26090

CWE-401: Memory Leak | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.4% (top 37.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12 | Latest update May 24

Description

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | fortinet/fortimail | 6.4.0 | 6.4.5 | +1
CVEListV5 | fortinet/fortinet_fortimail | FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6

🔴 Vulnerability Details (2)

GHSA | GHSA-j48p-m2m2-h4m7: A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6 | 2022-05-24
CVEList | CVE-2021-26090: A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6 | 2021-07-12

📋 Vendor Advisories (1)

Fortinet | A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 a... | 2021-07-12