CVE-2024-29012

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008	Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

History

19 Aug 2024, 19:34

Type	Values Removed	Values Added
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008 - Vendor Advisory
CWE	~~CWE-121~~	CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Sonicwall tz370w Sonicwall nsv 270 Sonicwall sonicos Sonicwall tz270 Sonicwall tz670 Sonicwall tz470w Sonicwall tz570 Sonicwall tz570w Sonicwall tz270w Sonicwall nsa 4700 Sonicwall nsv 470 Sonicwall nsa 6700 Sonicwall nssp 11700 Sonicwall nsa 5700 Sonicwall nsa 3700 Sonicwall tz370 Sonicwall nssp 10700 Sonicwall tz470 Sonicwall nssp 13700 Sonicwall nsa 2700 Sonicwall tz570p Sonicwall Sonicwall nsv 870
CPE		cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:o:sonicwall:sonicos:::::::: cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:nsv_270:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:nsv_470:-:::::::* cpe:2.3:h:sonicwall:nsv_870:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::*

20 Jun 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-20 09:15

Updated : 2025-03-25 17:15

NVD link : CVE-2024-29012

Mitre link : CVE-2024-29012

JSON object : View

Products Affected

sonicwall

tz670
tz470w
tz570
nsa_6700
tz570p
tz270
nsa_4700
nssp_11700
nsv_870
tz370w
nssp_13700
nssp_10700
tz270w
nsv_470
nsa_2700
tz570w
tz470
nsa_5700
nsa_3700
nsv_270
tz370
sonicos

CWE

CWE-787

Out-of-bounds Write

7.5 /10