[FG-IR-21-023] Multiple buffer overflows in FortiMail Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-023 Final 1 1 2021-07-07T00:00:00 Current version 2021-07-07T00:00:00 2025-03-18T00:00:00 Multiple instances of incorrect calculation of buffer size in FortiMail webmail and administrative interface and FortiNDR administrative interface may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. Execute unauthorized code or commands FortiMail 6.4.4 and below.FortiMail 6.2.6 and below.FortiMail 6.0.10 and below.FortiMail 5.4.12 and below.FortiNDR 7.2.1 and below.FortiNDR 7.1 all versions.FortiNDR 7.0 all versions.FortiNDR 1.5 all versions.FortiNDR 1.4 all versions.FortiNDR 1.3 all versions.FortiNDR 1.2 all versions.FortiNDR 1.1 all versions. Please upgrade to FortiMail version 7.0.0 or abovePlease upgrade to FortiMail version 6.4.5 or abovePlease upgrade to FortiMail version 6.2.7 or abovePlease upgrade to FortiMail version 6.0.11 or abovePlease upgrade to FortiNDR version 7.2.1 or above Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team. CVE-2021-22129 CVE-2023-33302 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-023 [FG-IR-21-023] Multiple buffer overflows in FortiMail Reference>