SonicOS HTTP Server Buffer Overflow Vulnerability Leads to DoS
CVE-2024-29012

7.5HIGH

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 20 June 2024

Summary

The SonicOS HTTP server is susceptible to a stack-based buffer overflow vulnerability that can be exploited by an authenticated remote attacker. By leveraging this vulnerability, an attacker can utilize the sscanf function to manipulate buffer allocations, ultimately causing a Denial of Service (DoS) condition. This issue highlights the critical nature of secure coding practices and the importance of timely patch management to protect against potential attack vectors.

Affected Version(s)

SonicOS Gen7 7.1.1-7051 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2024
Vulnerability Reserved
Mar 14, 2024