CVE-2021-20046

Summary

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOS7.0.1-R146 and earlieraffected
SonicWallSonicOS7.0.1-5023-1349 and earlieraffected
SonicWallSonicOS7.0.1-5018-R1715 and earlieraffected
SonicWallSonicOS6.5.4.8-89n and earlieraffected
SonicWallSonicOS6.5.1.13-1n and earlieraffected
SonicWallSonicOS6.0.5.3-94o and earlieraffected
SonicWallSonicOS6.5.4.v_21s-1288 and earlieraffected
SonicWallSonicOS5.9.1.13 and earlieraffected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References