26 野に咲く名無し@転載禁止 2023/09/14 13:31:20
最後のはSSL DPI利用してる環境でのRCEだけど前2つはheap based buffer overflowで条件がなぁ😑
https://labs.watchtowr.com/fortinet-no-more-funny-titles-cve-2022-42475/
If you recall, the initial difference that piqued our interest was a change to the memory allocator, which will now reject HTTP requests with a Content-Length of over 0x40000000 bytes. There are other such checks added, presumably to add extra layers of safety to the large codebase. One such check will reject POST attempts which contain a payload of more than 1048576 (0x10000) bytes, responding with a HTTP "413 Request Entity Too Large" message instead of waiting for the transfer of the payload data.