CVE-2023-29178: Fortiguard

An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.


**PSIRT Advisories**

FortiOS & FortiProxy - Access of uninitialized pointer in administrative interface API

Summary

An access of uninitialized pointer vulnerability [CWE-824] in the FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

Affected Products

FortiProxy version 7.2.0 through 7.2.3
FortiProxy version 7.0.0 through 7.0.9
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions

Solutions

Please upgrade to FortiProxy version 7.2.4 or above
Please upgrade to FortiProxy version 7.0.10 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
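
As an added example (not part of the Fortinet advisory), the following Python encodes the affected ranges and fixed releases listed above so an inventory script can classify a reported FortiOS or FortiProxy build; the `check` function and the choice to point end-of-life branches at the lowest fixed release the advisory names are my own assumptions.

```python
# Added example, not Fortinet's code: classify a FortiOS / FortiProxy version
# against the affected ranges and fixed releases listed in the advisory.
from typing import Dict, List, Optional, Tuple

def parse_version(v: str) -> Tuple[int, ...]:
    """'7.0.11' -> (7, 0, 11); tolerates a leading 'v' and pads to 3 parts."""
    parts = [int(p) for p in v.strip().lstrip("v").split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

# Transcribed from the advisory's "Affected Products" and "Solutions" sections.
# "all_versions_branches" are the branches the advisory lists as affected in
# every release (no fixed build exists on those branches).
ADVISORY: Dict[str, dict] = {
    "FortiOS": {
        "ranges": [((7, 2, 0), (7, 2, 4)), ((7, 0, 0), (7, 0, 11))],
        "all_versions_branches": [(6, 4), (6, 2), (6, 0)],
        "fixed": ["7.2.5", "7.0.12"],
    },
    "FortiProxy": {
        "ranges": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 9))],
        "all_versions_branches": [(2, 0), (1, 2), (1, 1)],
        "fixed": ["7.2.4", "7.0.10"],
    },
}

def check(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, recommended_fix).

    recommended_fix is the fixed release on the same branch where one exists;
    for branches affected in all versions it is the lowest fixed release the
    advisory names (assumption: any listed fixed release satisfies "or above").
    Versions on branches the advisory does not mention are reported as not
    affected; re-check the current PSIRT page for newer branches.
    """
    v = parse_version(version)
    data = ADVISORY[product]
    for lo, hi in data["ranges"]:
        if lo <= v <= hi:
            same_branch = [f for f in data["fixed"] if parse_version(f)[:2] == lo[:2]]
            return True, same_branch[0]
    if v[:2] in data["all_versions_branches"]:
        return True, min(data["fixed"], key=parse_version)
    return False, None

if __name__ == "__main__":
    for prod, ver in [("FortiOS", "7.0.11"), ("FortiOS", "6.4.13"), ("FortiProxy", "7.2.4")]:
        print(prod, ver, check(prod, ver))
```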

Acknowledgement

Internally discovered and reported by Kai Ni from Burnaby InfoSec team.

Timeline

2023-06-09: Initial publication
