CVE-2021-20045

Summary

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall SMA10010.2.0.8-37sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.1-19sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.2-24sv and earlieraffected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

References