Uncontrolled memory allocation Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-109 Final 1 1 2021-11-02T00:00:00 Current version 2021-11-02T00:00:00 2021-11-02T00:00:00 A memory allocation with excessive size value vulnerability [CWE-789] in the license verification function of FortiPortal may allow an attacker to perform a denial of service attack via specially crafted license blobs. None Denial of service FortiPortal versions 6.0.5 and below.FortiPortal versions 5.3.6 and below.FortiPortal versions 5.2.6 and below.FortiPortal versions 5.1.2 and below.FortiPortal versions 5.0.3 and below.FortiPortal versions 4.2.2 and below.FortiPortal versions 4.2.2 and below.FortiPortal versions 4.1.2 and below.FortiPortal versions 4.0.4 and below. Upgrade to FortiPortal version 7.0.0 or above.Upgrade to FortiPortal version 6.0.6 or above. Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team. CVE-2021-36174 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-109 Uncontrolled memory allocation Reference>