A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sonicos | Sonicwall | * | 5.9.1.13 (including) |
| Sonicos | Sonicwall | 6.0.0.0 (including) | 6.0.5.3 (including) |
| Sonicos | Sonicwall | 6.5.0.0 (including) | 6.5.1.11 (including) |
| Sonicos | Sonicwall | 6.5.4.0 (including) | 6.5.4.7 (including) |
| Sonicos | Sonicwall | 7.0.0.0 (including) | 7.0.0.0 (including) |
| Sonicosv | Sonicwall | * | 6.5.4.4 (including) |
This weakness can take several forms, such as: