CVE-2021-20043
08.12.2021, 10:15
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sonicwall | sma_200_firmware | 10.2.0.8-37sv |
| sonicwall | sma_200_firmware | 10.2.1.1-19sv |
| sonicwall | sma_210_firmware | 10.2.0.8-37sv |
| sonicwall | sma_210_firmware | 10.2.1.1-19sv |
| sonicwall | sma_410_firmware | 10.2.0.8-37sv |
| sonicwall | sma_410_firmware | 10.2.1.1-19sv |
| sonicwall | sma_400_firmware | 10.2.0.8-37sv |
| sonicwall | sma_400_firmware | 10.2.1.1-19sv |
| sonicwall | sma_500v_firmware | 10.2.0.8-37sv |
| sonicwall | sma_500v_firmware | 10.2.1.1-19sv |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.