
CVE-2022-42475

Numeric Truncation Error

Published: Jan 02, 2023 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Weakness

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Affected Software

Name     Vendor     Start Version        End Version
Fortios  Fortinet   5.0.0 (including)    5.0.14 (including)
Fortios  Fortinet   5.2.0 (including)    5.2.15 (including)
Fortios  Fortinet   5.4.0 (including)    5.4.13 (including)
Fortios  Fortinet   5.6.0 (including)    5.6.14 (including)
Fortios  Fortinet   6.0.0 (including)    6.0.16 (excluding)
Fortios  Fortinet   6.2.0 (including)    6.2.12 (excluding)
Fortios  Fortinet   6.4.0 (including)    6.4.11 (excluding)
Fortios  Fortinet   7.0.0 (including)    7.0.9 (excluding)
Fortios  Fortinet   7.2.0 (including)    7.2.3 (excluding)
