FortiSandbox - Multiple heap corruption vulnerabilities in command shell


Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Affected Products

FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.


Upgrade to FortiSandbox 4.0.0.

Upgrade to FortiSandbox 3.2.3.


Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.