Memory leak in FortiMail Webmail
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-21-042
Status: Final
Version: 1
Revision 1 (2021-07-07T00:00:00): Current version
Initial release: 2021-07-07T00:00:00
Current release: 2021-07-07T00:00:00
A missing release of memory after its effective lifetime vulnerability (CWE-401) in FortiMail Webmail may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
Denial of service
FortiMail 6.4.4 and below, FortiMail 6.2.6 and below.
Upgrade to FortiMail 7.0.0. Upgrade to FortiMail 6.4.5.
Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.
FortiMail 6.4.4
FortiMail 6.4.3
FortiMail 6.4.2
FortiMail 6.4.1
FortiMail 6.4.0
FortiMail 6.2.6
FortiMail 6.2.5
FortiMail 6.2.4
FortiMail 6.2.3
FortiMail 6.2.2
FortiMail 6.2.1
FortiMail 6.2.0
CVE-2021-26090
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-042