CVE-2023-33305

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

Published: Jun 13, 2023
Updated: Jun 23, 2023
CVE: CVE-2023-33305
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	1.0.0	1.0.7.x
fortinet / fortiproxy	1.1.0	1.1.6.x
fortinet / fortios	5.6.0	5.6.14.x
fortinet / fortios	5.4.0	5.4.13.x
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortios	5.2.0	5.2.15.x
fortinet / fortios	5.0.0	5.0.14.x
fortinet / fortiweb	6.4.0	6.4.3.x
fortinet / fortios	7.0.0	7.0.9.x
fortinet / fortios	7.2.0	7.2.4.x
fortinet / fortios	6.2.0	6.2.15.x
fortinet / fortiproxy	2.0.0	2.0.12.x
fortinet / fortios	6.0.0	6.0.17.x
fortinet / fortiproxy	7.0.0	7.0.9.x
fortinet / fortiproxy	7.2.0	7.2.3.x
fortinet / fortios	6.4.0	6.4.13.x
fortinet / fortiweb	7.2.0	7.2.0.x
fortinet / fortiweb	7.2.1	7.2.1.x
fortinet / fortiweb	7.0.0	7.0.6.x
fortinet / fortiweb	6.3.0	6.3.23.x

https://fortiguard.com/psirt/FG-IR-22-375

Vulnerability Database

289,784

CVE-2023-33305