CVE-2023-36641 — Numeric Truncation Error in Fortinet Fortios

CWE-197 — Numeric Truncation Error4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedNov 14

Description

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5fortinet/fortios7.2.0 — 7.2.5+5

▶NVDfortinet/fortios6.0.0 — 6.0.17+4

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.4+5

▶NVDfortinet/fortiproxy1.0.0 — 1.0.7+5

🔴Vulnerability Details

CVEList

CVE-2023-36641: A numeric truncation error in Fortinet FortiProxy version 7↗2023-11-14

▶

GHSA

GHSA-8q63-5vh4-m285: A numeric truncation error in Fortinet FortiProxy version 7↗2023-11-14

▶

📋Vendor Advisories

Fortinet

DOS in headers management↗2023-11-14

▶