CVE-2023-39277: Buffer Overflow
First published: Tue Oct 17 2023(Updated: )
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | <7.0.1-5145 | |
| Sonicwall Nsa2700 | ||
| Sonicwall Nsa3700 | ||
| Sonicwall Nsa4700 | ||
| Sonicwall Nsa5700 | ||
| Sonicwall Nsa6700 | ||
| Sonicwall Nssp10700 | ||
| Sonicwall Nssp11700 | ||
| Sonicwall Nssp13700 | ||
| Sonicwall Nssp15700 | ||
| Sonicwall Nsv10 | ||
| Sonicwall Nsv100 | ||
| Sonicwall Nsv1600 | ||
| Sonicwall Nsv200 | ||
| Sonicwall Nsv25 | ||
| Sonicwall Nsv270 | ||
| Sonicwall Nsv300 | ||
| Sonicwall Nsv400 | ||
| Sonicwall Nsv470 | ||
| Sonicwall Nsv50 | ||
| Sonicwall Nsv800 | ||
| Sonicwall Nsv870 | ||
| Sonicwall Tz270 | ||
| Sonicwall Tz270w | ||
| Sonicwall Tz370 | ||
| Sonicwall Tz370w | ||
| Sonicwall Tz470 | ||
| Sonicwall Tz470w | ||
| Sonicwall Tz570 | ||
| Sonicwall Tz570p | ||
| Sonicwall Tz570w | ||
| Sonicwall Tz670 | ||
| SonicWall SonicOS | <6.5.4.4-44v-21-2340 | |
| SonicWall SonicOS | <6.5.4.13-105n | |
| Sonicwall Nsa 2600 | ||
| Sonicwall Nsa 2650 | ||
| Sonicwall Nsa 3600 | ||
| Sonicwall Nsa 3650 | ||
| Sonicwall Nsa 4600 | ||
| Sonicwall Nsa 4650 | ||
| Sonicwall Nsa 5600 | ||
| Sonicwall Nsa 5650 | ||
| Sonicwall Nsa 6600 | ||
| Sonicwall Nsa 6650 | ||
| Sonicwall Sm 9200 | ||
| Sonicwall Sm 9250 | ||
| Sonicwall Sm 9400 | ||
| Sonicwall Sm 9450 | ||
| Sonicwall Sm 9600 | ||
| Sonicwall Sm 9650 | ||
| Sonicwall Soho 250 | ||
| Sonicwall Soho 250w | ||
| Sonicwall Sohow | ||
| Sonicwall Tz 300 | ||
| Sonicwall Tz 300p | ||
| Sonicwall Tz 300w | ||
| Sonicwall Tz 350 | ||
| Sonicwall Tz 400 | ||
| Sonicwall Tz 400w | ||
| Sonicwall Tz 500 | ||
| Sonicwall Tz 500w | ||
| Sonicwall Tz 600 | ||
| Sonicwall Tz 600p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-39277?
CVE-2023-39277 is a post-authentication stack-based buffer overflow vulnerability in SonicOS that leads to a firewall crash.
Which versions of SonicOS are affected by CVE-2023-39277?
SonicOS version up to and excluding 7.0.1-5145 and 6.5.4.4-44v-21-2340 and 6.5.4.13-105n are affected by CVE-2023-39277.
What is the severity of CVE-2023-39277?
CVE-2023-39277 has a severity level of 6.5, which is considered medium.
How can I fix CVE-2023-39277?
To fix CVE-2023-39277, you should update SonicOS to a version that includes the necessary security patches.
Where can I find more information about CVE-2023-39277?
You can find more information about CVE-2023-39277 at the official SonicWall PSIRT website.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/sonicwall
- canonical/sonicwall sonicos
- canonical/sonicwall nsa2700
- canonical/sonicwall nsa3700
- canonical/sonicwall nsa4700
- canonical/sonicwall nsa5700
- canonical/sonicwall nsa6700
- canonical/sonicwall nssp10700
- canonical/sonicwall nssp11700
- canonical/sonicwall nssp13700
- canonical/sonicwall nssp15700
- canonical/sonicwall nsv10
- canonical/sonicwall nsv100
- canonical/sonicwall nsv1600
- canonical/sonicwall nsv200
- canonical/sonicwall nsv25
- canonical/sonicwall nsv270
- canonical/sonicwall nsv300
- canonical/sonicwall nsv400
- canonical/sonicwall nsv470
- canonical/sonicwall nsv50
- canonical/sonicwall nsv800
- canonical/sonicwall nsv870
- canonical/sonicwall tz270
- canonical/sonicwall tz270w
- canonical/sonicwall tz370
- canonical/sonicwall tz370w
- canonical/sonicwall tz470
- canonical/sonicwall tz470w
- canonical/sonicwall tz570
- canonical/sonicwall tz570p
- canonical/sonicwall tz570w
- canonical/sonicwall tz670
- canonical/sonicwall nsa 2600
- canonical/sonicwall nsa 2650
- canonical/sonicwall nsa 3600
- canonical/sonicwall nsa 3650
- canonical/sonicwall nsa 4600
- canonical/sonicwall nsa 4650
- canonical/sonicwall nsa 5600
- canonical/sonicwall nsa 5650
- canonical/sonicwall nsa 6600
- canonical/sonicwall nsa 6650
- canonical/sonicwall sm 9200
- canonical/sonicwall sm 9250
- canonical/sonicwall sm 9400
- canonical/sonicwall sm 9450
- canonical/sonicwall sm 9600
- canonical/sonicwall sm 9650
- canonical/sonicwall soho 250
- canonical/sonicwall soho 250w
- canonical/sonicwall sohow
- canonical/sonicwall tz 300
- canonical/sonicwall tz 300p
- canonical/sonicwall tz 300w
- canonical/sonicwall tz 350
- canonical/sonicwall tz 400
- canonical/sonicwall tz 400w
- canonical/sonicwall tz 500
- canonical/sonicwall tz 500w
- canonical/sonicwall tz 600
- canonical/sonicwall tz 600p