Integer overflow in dhcpd daemon Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-155 Final 1 1 2022-07-05T00:00:00 Current version 2022-07-05T00:00:00 2022-07-05T00:00:00 An integer overflow / wraparound vulnerability [CWE-190] in the FortiOS, FortiProxy, FortiSwitch, FortiRecoder, and FortiVoiceEnterprisedhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. None Denial of service FortiOS version 7.0.3 and below.FortiOS version 6.4.8 and below.FortiOS version 6.2.10 and below.FortiOS version 6.0.x.FortiProxy version 7.0.0.Fortiproxy version 2.0.6 and below.FortiProxy version 1.2.x.FortiProxy version 1.1.x.FortiProxy version 1.0.x.FortiSwitch version 7.0.2 and below.FortiSwitch version 6.4.9 and below.FortiSwitch version 6.2.x.FortiSwitch version 6.0.x.FortiRecorder version 6.4.2 and below.FortiRecorder version 6.0.10 and below.FortiVoiceEnterprise version 6.4.3 and below.FortiVoiceEnterprise version 6.0.10 and below. Please upgrade to FortiOS version 7.0.4 or above.Please upgrade to FortiOS version 6.4.9 or above.Please upgrade to FortiOS version 6.2.11 or above.Please upgrade to FortiProxy version 7.0.1 or above.Please upgrade to FortiProxy version 2.0.7 or above.Please upgrade to FortiSwitch version 7.2.0 or above.Please upgrade to FortiSwitch version 7.0.3 or above.Please upgrade to FortiSwitch version 6.4.10 or above.Please upgrade to FortiRecorder version 6.4.3 or above.Please upgrade to FortiRecorder version 6.0.11 or above.Please upgrade to FortiVoiceEnterprise version 6.4.4 or abovePlease upgrade to FortiVoiceEnterprise version 6.0.11 or above Fortinet is pleased to thank Nanyu Zhong and Yu Zhang from VARAS@IIE for reporting this vulnerability under responsible disclosure. CVE-2021-42755 4.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-155 Integer overflow in dhcpd daemon Reference>