CVE-2020-29016

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

Published: Jan 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-29016
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	-	6.2.4
fortinet / fortiweb	6.3.0	6.3.5.x

https://www.fortiguard.com/psirt/FG-IR-20-125

Vulnerability Database

289,784

CVE-2020-29016