CVE-2020-29019

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.

Published: Jan 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-29019
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	-	6.2.4
fortinet / fortiweb	6.3.0	6.3.7.x

https://www.fortiguard.com/psirt/FG-IR-20-126

Vulnerability Database

289,784

CVE-2020-29019