Stack-Based Buffer Overflow Vulnerability in SonicWall's SonicOS
CVE-2023-39277

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-39277?

A stack-based buffer overflow vulnerability exists in SonicWall's SonicOS, specifically in the sonicflow.csv and appflowsessions.csv URL endpoints. This flaw can be exploited post-authentication, potentially leading to a crash of the firewall, disrupting network security measures and impacting overall system stability. It is essential for users of affected SonicOS versions to apply the recommended fixes to mitigate potential risks.

Affected Version(s)

SonicOS 7.0.1-5119 and earlier versions

SonicOS 7.0.1-5129 and earlier versions

SonicOS 6.5.4.4-44v-21-2079 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Jul 27, 2023

Sonicwall

What is CVE-2023-39277?

Affected Version(s)

References

CVSS V3.1

Timeline