FortiSwitch - memory leak issue in lldpmedd daemon

Summary

A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.

Affected Products

FortiSwitch versions 6.4.6 and below.
FortiSwitch versions 6.2.6 and below.
FortiSwitch versions 6.0.x
FortiSwitch versions 3.6.x

Solutions

Please upgrade to FortiSwitch 7.0.0.
Please upgrade to FortiSwitch version 6.4.7 or above.
Please upgrade to FortiSwitch version 6.2.7 or above.

Acknowledgement

Fortinet is pleased to thank Qian Chen of Qihoo 360 Nirvan Team for reporting this vulnerability under responsible disclosure.