An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-049 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-12-08T12:22:19
Updated: 2024-08-03T20:19:20.114Z
Reserved: 2021-01-25T00:00:00
Link: CVE-2021-26109
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-12-08T13:15:07.660
Modified: 2021-12-09T20:52:35.520
Link: CVE-2021-26109
Redhat
No data.