CVE-2024-40764
EUVD-2024-3861218.07.2024, 08:15
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sonicwall | sonicos | 𝑥 < 6.5.4.v-21s-rc2457 |
| sonicwall | sonicos | 𝑥 < 7.0.1-5161 |
| sonicwall | sonicos | 7.1.1-7040 ≤ 𝑥 < 7.1.1-7058 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sonicwall | sonicos | 𝑥 ≤ 6.5.4.4-44v-21-2395 | ADP |
| sonicwall | sonicos | 𝑥 ≤ 7.0.1-5151 | ADP |
| sonicwall | sonicos | 𝑥 ≤ 7.1.1-7051 | ADP |
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.