Buffer overflow in Sonicwall Sma100

CVE-2024-40763

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.108 (93.5th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.13-72sv and earlier versions

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 (vendor-advisory)