- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- PSIRT-FG-IR-22-398 heap-based buffer overflow [CW...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PSIRT-FG-IR-22-398 heap-based buffer overflow [CWE-122] hit after V7.2.7 Build 1577 update
I updated our Fortigate 100E to V7.2.7 Build 1577 on 2/9/2024 manually (after frequent timeouts via fabric management). Received notification of sslvpnd application crashes on 2/11/2024. Further examination showed no trace of the CVE-2022-42475 indicators, or traffic with the listed critical IPs, but there were 3 crashes.
Could this still be an issue with the F100E?
Thanks.
-----------------
SSH logs follow:
# diagnose debug crashlog read
<truncated to relevant datetime>
6138: 2024-02-09 14:02:49 the killed daemon is /bin/eap_proxy: status=0x0
6139: 2024-02-11 05:41:45 sslvpn watchdog timeout
6140: 2024-02-11 05:41:45 <00274> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6141: 2024-02-11 05:41:45 <00274> application sslvpnd
6142: 2024-02-11 05:41:45 <00274> *** signal 11 (Segmentation fault) received ***
6143: 2024-02-11 05:41:45 <00274> Register dump:
6144: 2024-02-11 05:41:45 <00274> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6145: 2024-02-11 05:41:45 <00274> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6146: 2024-02-11 05:41:45 <00274> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6147: 2024-02-11 05:41:45 <00274> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6148: 2024-02-11 05:41:45 <00274> CPSR: 200f0030 Addr: 00000005
6149: 2024-02-11 05:41:45 <00274> Trap: 0000000e Error: 00000017 OldMask: 00002000
6150: 2024-02-11 05:41:45 <00274> Backtrace:
6151: 2024-02-11 05:41:45 <00274> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6152: 2024-02-11 05:41:45 00004192
6153: 2024-02-11 05:41:45 <00274> fortidev 6.0.1.0005
6154: 2024-02-11 05:41:46 the killed daemon is /bin/sslvpnd: status=0xd
6155: 2024-02-11 05:56:24 sslvpn watchdog timeout
6156: 2024-02-11 05:56:24 sslvpnd previously crashed 1 times. The last crash was at 2024-02-11 05:41:45.
6157: 2024-02-11 05:56:24 <19636> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6158: 2024-02-11 05:56:24 <19636> application sslvpnd
6159: 2024-02-11 05:56:24 <19636> *** signal 11 (Segmentation fault) received ***
6160: 2024-02-11 05:56:24 <19636> Register dump:
6161: 2024-02-11 05:56:24 <19636> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6162: 2024-02-11 05:56:24 <19636> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6163: 2024-02-11 05:56:24 <19636> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6164: 2024-02-11 05:56:24 <19636> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6165: 2024-02-11 05:56:24 <19636> CPSR: 200f0030 Addr: 00000005
6166: 2024-02-11 05:56:24 <19636> Trap: 0000000e Error: 00000017 OldMask: 00002000
6167: 2024-02-11 05:56:24 <19636> Backtrace:
6168: 2024-02-11 05:56:24 <19636> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6169: 2024-02-11 05:56:24 00004192
6170: 2024-02-11 05:56:24 <19636> fortidev 6.0.1.0005
6171: 2024-02-11 06:11:05 sslvpn watchdog timeout
6172: 2024-02-11 06:11:05 sslvpnd previously crashed 2 times. The last crash was at 2024-02-11 05:56:24.
6173: 2024-02-11 06:11:05 <19637> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6174: 2024-02-11 06:11:05 <19637> application sslvpnd
6175: 2024-02-11 06:11:05 <19637> *** signal 11 (Segmentation fault) received ***
6176: 2024-02-11 06:11:05 <19637> Register dump:
6177: 2024-02-11 06:11:05 <19637> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6178: 2024-02-11 06:11:05 <19637> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6179: 2024-02-11 06:11:05 <19637> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6180: 2024-02-11 06:11:05 <19637> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6181: 2024-02-11 06:11:05 <19637> CPSR: 200f0030 Addr: 00000005
6182: 2024-02-11 06:11:05 <19637> Trap: 0000000e Error: 00000017 OldMask: 00002000
6183: 2024-02-11 06:11:05 <19637> Backtrace:
6184: 2024-02-11 06:11:05 <19637> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6185: 2024-02-11 06:11:05 00004192
6186: 2024-02-11 06:11:05 <19637> fortidev 6.0.1.0005
6187: 2024-02-11 07:11:08 sslvpnd crashed 3 times. The latest crash was at 2024-02-11 06:11:05.
Crash log interval is 3600 seconds
Max crash log line number: 16384
Labels:
- Labels:
-
FortiGate
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @lm21108 ,
How often it crashes? Does it affect your traffic/VPN users/performances?
If it affects users connected, I would suggest you to open a ticket with our support so the crash can be investigated further, please.
Best regards,
---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears to have come right back up, no users were online (vpn) at that time so not sure about the effect from that standpoint. Only seems to be those 3 isolated events so far.
I will open a ticket though, if this is still an issue it will need to be fixed.
Thanks.
Related Posts
- Anyone know about the OpenSSH in... 1184 Views
- About VAPT on fortigate 612 Views
- HTTP.Server.Authorization.Buffer.Overflow question 663 Views
- FortiGate WebUI Tools > Full Config 1642 Views
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.