CVE-2023-33302

Published Mar 31, 2025

Last updated a month ago

CVSS medium 4.7

Overview

Description
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
Source
psirt@fortinet.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.7
Impact score
3.4
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

psirt@fortinet.com
CWE-120

Social media

Hype score
Not currently trending

  1. CVE-2023-33302 A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and b… https://t.co/bl3hegVzE1

    @CVEnew

    31 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.