CVE-2023-29178

Summary

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.3affected
FortinetFortiProxy7.0.0 <= 7.0.9affected
FortinetFortiProxy2.0.0 <= 2.0.12affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.11affected
FortinetFortiOS6.4.0 <= 6.4.13affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.17affected

Weaknesses

  • CWE-824: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References