FortiWeb - Stack-based buffer overflow due to type mismatch


A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via SAML login using a crafted certificate.
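The advisory names only the bug class: a stack-based buffer overflow (CWE-121) caused by a type mismatch, reached through a certificate presented at SAML login. The C example below is added here to illustrate that class in the abstract; it is not FortiWeb's code and makes no claim about which certificate field, code path or width mismatch is actually involved. The DER helpers, the `NAME_BUF` size, the `signed char` narrowing and the constructed `make_cn` input are all assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_BUF 64  /* assumed size of the fixed stack buffer the attribute lands in */

/* Decode a DER length: short form, or long form with one length byte.
 * Returns the number of header bytes consumed, or 0 on error. */
static size_t der_length(const uint8_t *p, size_t avail, size_t *len) {
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *len = p[0]; return 1; }
    if (p[0] == 0x81 && avail >= 2) { *len = p[1]; return 2; }
    return 0;                                   /* longer forms not needed here */
}

/* Locate the value of a PrintableString (tag 0x13) TLV inside 'avail' bytes. */
static int der_printable(const uint8_t *tlv, size_t avail,
                         const uint8_t **val, size_t *len) {
    size_t hdr;
    if (avail < 2 || tlv[0] != 0x13) return -1;
    hdr = der_length(tlv + 1, avail - 1, len);
    if (hdr == 0 || *len > avail - 1 - hdr) return -1;
    *val = tlv + 1 + hdr;
    return 0;
}

/* VULNERABLE pattern (hypothetical): the attacker-controlled length is
 * narrowed into a signed 8-bit variable before the bounds check. A 200-byte
 * value becomes -56 on every mainstream compiler, which compares as less
 * than NAME_BUF, so the copy would run with the original 200 and overflow
 * the 64-byte stack buffer. To keep the demo well defined, the function
 * returns the byte count the flawed check admits (or -1 if rejected)
 * instead of performing the copy. */
int cn_copy_vulnerable(const uint8_t *tlv, size_t avail) {
    const uint8_t *val; size_t len;
    signed char n;                              /* type mismatch: size_t -> signed char */
    char buf[NAME_BUF];
    if (der_printable(tlv, avail, &val, &len) != 0) return -1;
    n = (signed char)len;
    if (n >= NAME_BUF) return -1;               /* -56 >= 64 is false: check passes */
    /* memcpy(buf, val, len); buf[len] = 0;   <- stack overflow when len > 63 */
    (void)buf;
    return (int)len;
}

/* Hardened version: keep the length in its original width and compare it
 * against the destination size, leaving room for the terminator. */
int cn_copy_fixed(const uint8_t *tlv, size_t avail, char *out, size_t outsz) {
    const uint8_t *val; size_t len;
    if (der_printable(tlv, avail, &val, &len) != 0) return -1;
    if (len >= outsz) return -1;                /* both operands are size_t */
    memcpy(out, val, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed input: a PrintableString TLV holding n copies of 'A'. */
size_t make_cn(uint8_t *out, size_t outsz, size_t n) {
    size_t hdr = n < 0x80 ? 2 : 3;
    if (n > 255 || hdr + n > outsz) return 0;
    out[0] = 0x13;
    if (n < 0x80) out[1] = (uint8_t)n;
    else { out[1] = 0x81; out[2] = (uint8_t)n; }
    memset(out + hdr, 'A', n);
    return hdr + n;
}

/* Drivers: build an n-byte attribute and run each copier over it. */
int demo_vulnerable(size_t n) {
    uint8_t tlv[300];
    size_t sz = make_cn(tlv, sizeof tlv, n);
    return sz ? cn_copy_vulnerable(tlv, sz) : -1;
}
int demo_fixed(size_t n) {
    uint8_t tlv[300]; char cn[NAME_BUF];
    size_t sz = make_cn(tlv, sizeof tlv, n);
    return sz ? cn_copy_fixed(tlv, sz, cn, sizeof cn) : -1;
}

int main(void) {
    printf("vulnerable check admits %d bytes into a %d-byte buffer\n",
           demo_vulnerable(200), NAME_BUF);
    printf("fixed copy of 200 bytes returns %d\n", demo_fixed(200));
    printf("fixed copy of 10 bytes returns %d\n", demo_fixed(10));
    return 0;
}
```

The point of the pairing is that the flawed check only fails for lengths in the 128 to 255 range, so ordinary certificates pass through it unnoticed; only a crafted certificate with an oversized attribute reaches the overflow. Reviewing for this class means checking that every length taken from parsed input is compared in the width it was decoded in, not after being stored in a narrower or signed local.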

Affected Products

FortiWeb 6.4.0 and 6.4.1 are impacted.

Solutions

Upgrade to the upcoming FortiWeb version 7.0.0 or above.

Upgrade to FortiWeb version 6.4.2 or above.

Acknowledgement

Internally discovered and reported by Mattia Fecit of the Fortinet Product Security team.