A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-095 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-23-095 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-095 - Vendor Advisory |
20 Jun 2023, 19:37
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* |
|
| CWE | CWE-824 | |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-23-095 - Vendor Advisory | |
| First Time |
Fortinet
Fortinet fortios Fortinet fortiproxy |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
13 Jun 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-13 09:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-29178
Mitre link : CVE-2023-29178
CVE.ORG link : CVE-2023-29178
JSON object : View
Products Affected
fortinet
- fortios
- fortiproxy
CWE
CWE-824
Access of Uninitialized Pointer