Integer-based Buffer Overflow Vulnerability in SonicOS by SonicWall
CVE-2024-40765

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 9 January 2025

Summary

SonicOS has a vulnerability that stems from an integer-based buffer overflow in the processing of IPSec. This allows remote attackers, under specific circumstances, to send a carefully crafted IKEv2 payload. Exploiting this flaw could lead to a Denial of Service (DoS) situation and potentially allow the execution of arbitrary code. It is essential for users to be aware of this vulnerability and apply any necessary updates provided by SonicWall to safeguard their systems.

Affected Version(s)

SonicOS Gen6 NSv 6.5.4.4-44v-21-2395 and older versions

SonicOS Gen6 NSv 7.0.1-5151 and older versions

SonicOS Gen6 NSv 7.1.1-7051 and older versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

Timeline

Vulnerability published
Jan 9, 2025
Vulnerability Reserved
Jul 10, 2024

Credit

Yue Liu & n3k from TIANGONG Team of Legendsec at QI-ANXIN Group