CVE-2020-29016

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.0 through 6.3.5 FortiWeb versions prior to 6.2.4

Description: A stack-based buffer overflow issue may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. This could enable the attacker to execute arbitrary code.

Recommendations: For FortiWeb versions 6.3.0 through 6.3.5, update to a version outside of this range to resolve the issue. For FortiWeb versions prior to 6.2.4, update to version 6.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function related to the certname parameter until a patch is available.