Stack-based buffer overflow due to type mismatch
Summary
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via SAML login using a crafted certificate.
Affected Products
FortiWeb 6.4.0 and 6.4.1 are impacted.
Solutions
Upgrade to the upcoming FortiWeb version 7.0.0 or above.
Upgrade to FortiWeb version 6.4.2 or above.