ghsa-9h5m-38gw-j896
Vulnerability from github
Published
2021-12-09 00:01
Modified
2021-12-10 00:01
Details
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
{ "affected": [], "aliases": [ "CVE-2021-26109" ], "database_specific": { "cwe_ids": [ "CWE-190" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-12-08T13:15:00Z", "severity": "CRITICAL" }, "details": "An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.", "id": "GHSA-9h5m-38gw-j896", "modified": "2021-12-10T00:01:03Z", "published": "2021-12-09T00:01:02Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26109" }, { "type": "WEB", "url": "https://fortiguard.com/advisory/FG-IR-21-049" } ], "schema_version": "1.4.0", "severity": [] }
Loading...