FortiProxy - HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability


A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiProxy may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.

Affected Products

FortiProxy versions 2.0.1 and below. FortiProxy versions 1.2.9 and below. FortiProxy versions 1.1.x. FortiProxy versions 1.0.x.


Please upgrade to Fortiproxy version 1.2.10 or above. Please upgrade to Fortiproxy version 2.0.2 or above.


Fortinet is pleased to thank Cody Sixteen ( for reporting this issue under responsible disclosure.