TR-74 - A heap-based buffer overflow vulnerability [CWE-122] in FortiOS - CVE-2023-27997

TR-74 - A heap-based buffer overflow vulnerability [CWE-122] in FortiOS - CVE-2023-27997

Back to Publications and Presentations

  1. Workaround
  2. Recommendations
  3. Notifications
  4. References
  5. Classification of this document
  6. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

A heap-based buffer overflow vulnerability (CWE-122) has been identified in FortiOS and FortiProxy SSL-VPN. This vulnerability allows a remote attacker to execute arbitrary code and commands by sending specially crafted requests.


To mitigate the risk, it is recommended to disable SSL-VPN on the FortiOS device.


  • For FortiOS equipment users: Check if the currently running version is the latest one. If not, apply the available upgrades or implement the provided workaround.
  • If you rely on a service provider for security updates: Request information about the installed version and the most recent version available. If there is a discrepancy, insist on performing the upgrade.
  • If suspicious activity is detected in the logs indicating a compromised FortiOS device, initiate an incident response procedure. Patching alone is not sufficient if you don’t review logs and evidences.


CIRCL (Computer Incident Response Center Luxembourg) has sent notifications to ISPs and known contact points when publicly exposed vulnerable devices were discovered. If you would like to directly share your IP resources for notifying the appropriate contact point, please reach out to us.


Classification of this document

TLP:CLEAR information may be distributed without restriction, subject to copyright controls.


  • Version 1.0 - TLP:CLEAR - First version - 5th July 2023