
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN552
_____________________________________________________________________

DATE                : 07/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): FortiOS, FortiGate versions prior to 6.0.11,
                     6.2.3, 6.4.0.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-19-248
_____________________________________________________________________


FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability


Summary

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of
FortiOS may allow an authenticated remote attacker to crash the service
by sending a malformed PUT request to the server. Fortinet is not aware
of any successful exploitation of this vulnerability that would lead to
code execution.


Impact

Crash of the HTTPD service.


Affected Products

FortiOS versions 6.0.10 and below. FortiOS versions 6.2.2 and below.


Solutions

Please upgrade to FortiGate version 6.0.11 or above. Please upgrade to
FortiGate version 6.2.3 or above. Please upgrade to FortiGate version
6.4.0 or above.
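The affected and fixed versions above translate directly into a triage rule an operator can run against a FortiGate inventory. The following script is an added example and is not part of the CERT-Renater note or of Fortinet's advisory. It assumes version strings shaped like the `v6.2.2,build1010` form FortiGate prints in `get system status` (the sample inventory is constructed), and it maps only the branches the note names: 6.0.x below 6.0.11 and 6.2.x below 6.2.3 are vulnerable, 6.0.11, 6.2.3 and 6.4.0 or later are fixed. Any other branch (for instance 6.1.x or 5.x) is reported as "unknown" rather than guessed, since the note says nothing about it.

```python
"""Version triage for FG-IR-19-248 (added example; the ranges come from the
advisory text, the host inventory below is constructed)."""

import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, as stated in the Solutions section.
# Assumption: a branch absent from this table is "unknown", not "fixed".
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 0): (6, 0, 11),
    (6, 2): (6, 2, 3),
    (6, 4): (6, 4, 0),
}

# Matches "6.2.2", "v6.2.2" and "v6.2.2,build1010,191025 (GA)".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from a FortiOS version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"          # branch not covered by the advisory
    return "fixed" if version >= fixed else "vulnerable"


def needs_upgrade(text: str) -> Optional[Version]:
    """Return the first fixed release for a vulnerable version, else None."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None or version >= fixed:
        return None
    return fixed


def triage_inventory(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Map {hostname: version string} to (host, status, target) rows.

    'target' is the first fixed release to upgrade to, or '' when no upgrade
    is required or the branch is not covered by the advisory.
    """
    rows = []
    for host, version_text in sorted(inventory.items()):
        status = assess(version_text)
        target = needs_upgrade(version_text)
        rows.append((host, status, ".".join(map(str, target)) if target else ""))
    return rows


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "v6.0.10,build0365,200217 (GA)",
    "fw-branch-02": "v6.0.11,build0384,200302 (GA)",
    "fw-dc-01": "v6.2.2,build1010,191025 (GA)",
    "fw-dc-02": "v6.4.1,build1637,200616 (GA)",
    "fw-lab-01": "v6.1.0,build0000,180101 (GA)",
}

if __name__ == "__main__":
    for host, status, target in triage_inventory(SAMPLE_INVENTORY):
        line = f"{host:14} {status:10}"
        if target:
            line += f" upgrade to {target}"
        print(line)
```

The comparison is done on integer tuples rather than on the raw strings, so `6.0.10` correctly sorts below `6.0.11` (a string compare would put "6.0.10" before "6.0.9"). Keeping unmapped branches as "unknown" is deliberate: an inventory tool that silently treats an unlisted release as safe hides exactly the hosts a reviewer most needs to look at.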


Acknowledgement

Fortinet is pleased to thank Cody Sixteen (
https://code610.blogspot.com/) for reporting this issue under
responsible disclosure.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41         +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================