PT-2021-3709 · Fortinet · Fortimail

Published: 2021-06-16 · Updated: 2021-07-12 · CVE-2021-22129

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FortiMail versions prior to 6.4.5

Description: The issue is caused by a buffer overflow on the stack due to incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail. This may allow an authenticated attacker with regular webmail access to trigger the buffer overflow and possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Recommendations: For versions prior to 6.4.5, update to version 6.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Webmail and Administrative interface to minimize the risk of exploitation. Avoid using specifically crafted HTTP requests in the affected interfaces until the issue is resolved.
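The weakness class named above, an incorrect buffer-size calculation that lets a copy overrun a fixed stack buffer, is illustrated by the following constructed C example. It is added here for explanation and is not FortiMail code; the "Name: value" header layout, the 64-byte buffer and the function names are assumptions. It shows a pre-check that forgets the separator and terminator bytes (so it admits input that does not fit), the corrected arithmetic, and the hardened pattern of bounding the write by the destination size rather than by caller arithmetic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the weakness class in the advisory
 * (stack buffer overflow from an incorrect buffer-size calculation).
 * Not FortiMail code; the header layout and sizes are assumptions. */

#define HDR_BUF 64   /* assumed fixed-size stack buffer for "Name: value" */

/* Flawed pre-check: it sums only the two input lengths and forgets the
 * ": " separator and the terminating NUL, so it admits inputs that need
 * up to three bytes more than the buffer holds. */
bool flawed_check_accepts(const char *name, const char *value)
{
    size_t need = strlen(name) + strlen(value);
    return need <= HDR_BUF;
}

/* Correct pre-check: counts every byte the copy will write. */
bool correct_check_accepts(const char *name, const char *value)
{
    size_t need = strlen(name) + 2 + strlen(value) + 1;
    return need <= HDR_BUF;
}

/* Hardened formatter: bounded by the destination size passed in, not by
 * caller arithmetic. Returns bytes written (excluding NUL), or -1 and an
 * empty buffer when the result would not fit. */
int format_header(char *out, size_t out_sz, const char *name, const char *value)
{
    int n = snprintf(out, out_sz, "%s: %s", name, value);
    if (n < 0 || (size_t)n >= out_sz) {
        if (out_sz > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

/* Builds a constructed over-long value: 56 'A' bytes, which with a
 * 6-byte name passes the flawed check (62 <= 64) but really needs 65. */
void make_oversize_value(char *dst, size_t dst_sz)
{
    size_t len = 56;
    if (len >= dst_sz)
        len = dst_sz - 1;
    memset(dst, 'A', len);
    dst[len] = '\0';
}

/* Returns true when the flawed check admits the over-long sample that the
 * correct check and the bounded formatter both refuse: exactly the gap a
 * wrong size calculation opens. */
bool flawed_check_admits_oversize(void)
{
    char value[HDR_BUF];
    char out[HDR_BUF];
    make_oversize_value(value, sizeof value);
    bool flawed = flawed_check_accepts("X-Test", value);
    bool correct = correct_check_accepts("X-Test", value);
    int rc = format_header(out, sizeof out, "X-Test", value);
    return flawed && !correct && rc == -1;
}

int main(void)
{
    char out[HDR_BUF];
    int n = format_header(out, sizeof out, "Host", "example.test");
    printf("%d bytes: \"%s\"\n", n, out);
    printf("flawed check admits oversize input: %s\n",
           flawed_check_admits_oversize() ? "yes" : "no");
    return 0;
}
```

The point for reviewers and defenders is the last function: a size pre-check that is even a few bytes short still admits input that overruns the buffer, which is why the hardened formatter trusts only the destination size it is handed (`snprintf` truncates and reports the shortfall) and treats a result that does not fit as a rejected request rather than a partial copy.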

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2021-03949
CVE-2021-22129

Affected Products

Fortimail