What is CVE-2024-40765?

CVE-2024-40765 is a vulnerability in Sonicwall Sonicos, classified under Integer Overflow or Wraparound. Published 2025-01-09.

Is CVE-2024-40765 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Sonicwall Sonicos

CVE-2024-40765

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

Vulnerability class: Integer Overflow

EPSS: 0.029 (86.7th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 6.5.4.4-44v-21-2395 and older versions, 7.0.1-5151 and older versions, 7.1.1-7051 and older versions

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013 (vendor-advisory)

Frequently asked questions

What is CVE-2024-40765?: CVE-2024-40765 is a vulnerability in Sonicwall Sonicos, classified under Integer Overflow or Wraparound. Published 2025-01-09.
Is CVE-2024-40765 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.