Description

An integer-based buffer overflow vulnerability in SonicOS via IPSec allows a remote attacker, under specific conditions, to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

PUBLISHED | Reserved 2024-07-10 | Published 2025-01-09 | Updated 2025-01-09 | Assigner sonicwall

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status: unknown

6.5.4.4-44v-21-2395 and older versions: affected

7.0.1-5151 and older versions: affected

7.1.1-7051 and older versions: affected

Credits

Yue Liu & n3k from TIANGONG Team of Legendsec at QI-ANXIN Group (finder)

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013 (vendor-advisory)

cve.org (CVE-2024-40765)

nvd.nist.gov (CVE-2024-40765)
