PSIRT Advisories
FortiSwitch - memory leak issue in lldpmedd daemon
Summary
A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
Affected Products
FortiSwitch versions 6.4.6 and below. FortiSwitch versions 6.2.6 and below. FortiSwitch versions 6.0.x FortiSwitch versions 3.6.xSolutions
Please upgrade to FortiSwitch 7.0.0.
Please upgrade to FortiSwitch version 6.4.7 or above.
Please upgrade to FortiSwitch version 6.2.7 or above.
Acknowledgement
Fortinet is pleased to thank Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team for reporting this vulnerability under responsible disclosure.