Integer overflow in dhcpd daemon
Summary
An integer overflow / wraparound vulnerability [CWE-190] in the FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise
dhcpd daemon may allow an unauthenticated, network-adjacent attacker to crash the dhcpd daemon, resulting in a potential denial of service.
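The advisory gives no detail of the affected code path, so the following is an added, constructed illustration of the CWE-190 pattern it names, not Fortinet code and not a description of the actual bug. It assumes a hypothetical DHCP option parser that sums the lengths of repeated option fragments (RFC 3396 style concatenation) before sizing a buffer: an 8-bit accumulator wraps on three 200-byte fragments, while the checked variant uses a wide accumulator, an explicit cap, and bounds checks on every read. The option code 81 and the 0x41 filler are arbitrary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical DHCP option-parsing sketch, constructed for illustration only.
 * It is not Fortinet's dhcpd code and makes no claim about how the advisory's
 * bug works; it shows the CWE-190 pattern: an 8-bit accumulator wrapping when
 * fragment lengths of one option are summed before concatenation. */

#define OPT_PAD 0
#define OPT_END 255

/* Vulnerable: accumulates fragment lengths into a uint8_t. Three 200-byte
 * fragments sum to 600, which wraps to 88, so a buffer sized from this value
 * would be far smaller than the data later copied into it. The walk is also
 * unbounded: "off += 2 + len" is never checked against n. */
uint8_t concat_len_vulnerable(const uint8_t *opts, size_t n, uint8_t code)
{
    uint8_t total = 0;
    size_t off = 0;
    while (off < n && opts[off] != OPT_END) {
        if (opts[off] == OPT_PAD) { off++; continue; }
        if (off + 2 > n) break;
        uint8_t len = opts[off + 1];
        if (opts[off] == code)
            total += len;           /* unsigned wraparound: defined in C, but wrong */
        off += 2 + len;             /* may run past n: no bounds check */
    }
    return total;
}

/* Hardened: size_t accumulator, explicit cap, every read bounds-checked.
 * Returns 0 on success with *total_out set, -1 on malformed or oversized input. */
int concat_len_checked(const uint8_t *opts, size_t n, uint8_t code,
                       size_t max_total, size_t *total_out)
{
    size_t total = 0, off = 0;
    while (off < n && opts[off] != OPT_END) {
        if (opts[off] == OPT_PAD) { off++; continue; }
        if (off + 2 > n) return -1;                  /* truncated header */
        size_t len = opts[off + 1];
        if (len > n - off - 2) return -1;            /* truncated body */
        if (opts[off] == code) {
            if (len > max_total - total) return -1;  /* would exceed the cap */
            total += len;
        }
        off += 2 + len;
    }
    *total_out = total;
    return 0;
}

/* Build a constructed options blob: `frags` copies of option `code`, each
 * `flen` bytes of filler, followed by END. Returns bytes written, 0 if cap is too small. */
size_t build_fragments(uint8_t *buf, size_t cap, uint8_t code, uint8_t flen, int frags)
{
    size_t need = (size_t)frags * (2u + flen) + 1;
    if (need > cap) return 0;
    size_t off = 0;
    for (int i = 0; i < frags; i++) {
        buf[off++] = code;
        buf[off++] = flen;
        memset(buf + off, 0x41, flen);
        off += flen;
    }
    buf[off++] = OPT_END;
    return off;
}

int main(void)
{
    uint8_t blob[1024];
    size_t n = build_fragments(blob, sizeof blob, 81, 200, 3);  /* 3 x 200 bytes */
    size_t checked = 0;
    printf("vulnerable length: %u\n", (unsigned)concat_len_vulnerable(blob, n, 81));
    if (concat_len_checked(blob, n, 81, 65535, &checked) == 0)
        printf("checked length:    %zu\n", checked);
    return 0;
}
```

The check `len > max_total - total` is written as a subtraction on the remaining headroom rather than `total + len > max_total` so the comparison itself cannot wrap; the same idiom applies to the `n - off - 2` bounds test.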
Affected Products
FortiOS version 7.0.3 and below.
FortiOS version 6.4.8 and below.
FortiOS version 6.2.10 and below.
FortiOS version 6.0.x.
FortiProxy version 7.0.0.
FortiProxy version 2.0.6 and below.
FortiProxy version 1.2.x.
FortiProxy version 1.1.x.
FortiProxy version 1.0.x.
FortiSwitch version 7.0.2 and below.
FortiSwitch version 6.4.9 and below.
FortiSwitch version 6.2.x.
FortiSwitch version 6.0.x.
FortiRecorder version 6.4.2 and below.
FortiRecorder version 6.0.10 and below.
FortiVoiceEnterprise version 6.4.3 and below.
FortiVoiceEnterprise version 6.0.10 and below.
Solutions
Please upgrade to FortiOS version 7.0.4 or above.
Please upgrade to FortiOS version 6.4.9 or above.
Please upgrade to FortiOS version 6.2.11 or above.
Please upgrade to FortiProxy version 7.0.1 or above.
Please upgrade to FortiProxy version 2.0.7 or above.
Please upgrade to FortiSwitch version 7.2.0 or above.
Please upgrade to FortiSwitch version 7.0.3 or above.
Please upgrade to FortiSwitch version 6.4.10 or above.
Please upgrade to FortiRecorder version 6.4.3 or above.
Please upgrade to FortiRecorder version 6.0.11 or above.
Please upgrade to FortiVoiceEnterprise version 6.4.4 or above.
Please upgrade to FortiVoiceEnterprise version 6.0.11 or above.
Acknowledgement
Fortinet is pleased to thank Nanyu Zhong and Yu Zhang from VARAS@IIE for reporting this vulnerability under responsible disclosure.
Timeline
2022-07-05: Initial publication