CVE-2023-36641

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.

Published: Nov 14, 2023
Updated: Nov 21, 2023
CVE: CVE-2023-36641
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-197

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	1.0.0	1.0.7.x
fortinet / fortiproxy	1.1.0	1.1.6.x
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortios	6.2.0	6.2.15.x
fortinet / fortios	6.0.0	6.0.17.x
fortinet / fortiproxy	7.0.0	7.0.10.x
fortinet / fortios	7.0.0	7.0.12.x
fortinet / fortios	6.4.0	6.4.14.x
fortinet / fortios	7.2.0	7.2.5.x
fortinet / fortiproxy	2.0.0	2.0.13.x
fortinet / fortiproxy	7.2.0	7.2.4.x

https://fortiguard.com/psirt/FG-IR-23-151

Vulnerability Database

289,784

CVE-2023-36641