Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-5134

Summary
Assigner-sonicwall
Assigner Org ID-44b2ff79-1416-4492-88bb-ed0da00c7315
Published At-12 Oct, 2020 | 10:40
Updated At-04 Aug, 2024 | 08:22
Rejected At-
Credits

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sonicwall
Assigner Org ID:44b2ff79-1416-4492-88bb-ed0da00c7315
Published At:12 Oct, 2020 | 10:40
Updated At:04 Aug, 2024 | 08:22
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Affected Products
Vendor
SonicWall Inc.SonicWall
Product
SonicOS
Versions
Affected
  • SonicOS 6.5.1.11-4n and earlier
  • SonicOS 6.0.5.3-93o and earlier
  • SonicOSv 6.5.4.4-44v-21-794 and earlier
  • SonicOS 7.0.0.0-1
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
x_refsource_CONFIRM
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
x_refsource_CONFIRM
x_transferred
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@sonicwall.com
Published At:12 Oct, 2020 | 11:15
Updated At:23 Oct, 2020 | 00:57

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches

SonicWall Inc.
sonicwall
>>sonicos>>Versions up to 6.0.5.3(inclusive)
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sonicos>>Versions from 6.5.0.0(inclusive) to 6.5.1.11(inclusive)
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sonicos>>7.0.0.0
cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>sonicosv>>Versions up to 6.5.4.4(inclusive)
cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125SecondaryPSIRT@sonicwall.com
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: PSIRT@sonicwall.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009PSIRT@sonicwall.com
Vendor Advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
Source: PSIRT@sonicwall.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

63Records found

CVE-2024-36504
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.70% / 49.16%
||
7 Day CHG+0.01%
Published-14 Jan, 2025 | 14:09
Updated-22 Jul, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-32320
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 8.22%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 21:34
Updated-19 Mar, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Action-Not Available
Vendor-ellanetworksellanetworks
Product-ella_corecore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25627
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.78%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 20:11
Updated-02 Apr, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.

Action-Not Available
Vendor-emqxnanomq
Product-nanomqnanomq
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0116
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.47% / 37.42%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 04:46
Updated-29 Sep, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kerneltriton_inference_serverTriton Inference Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-3824
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.82% / 85.00%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 15:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSamba
Product-ubuntu_linuxdebian_linuxsamban/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0136
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-16 Jun, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0127
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-16 Jun, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39995
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.50%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 15:34
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_tdese620x_vess_firmwareecns280_td_firmwareese620x_vesseCNS280_TD;eSE620X vESS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47978
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.91% / 77.42%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Denial of Service Vulnerability

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_server_2022Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22790
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:52
Updated-29 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-modicon_m580_bmep584020modicon_premium_tsxp57_554mmodicon_m580_bmep585040cmodicon_quantum_140cpu65150cmodicon_m580_bmep584040modicon_momentum_171cbu98090modicon_quantum_140cpu65150modicon_mc80_bmkc8020310modicon_quantum_140cpu65160cmodicon_m580_bmeh584040cmodicon_m580_bmep586040modicon_m580_bmeh584040splc_simulator_for_ecostruxure_control_expertmodicon_mc80_bmkc8030311modicon_m340_bmxp341000modicon_m580_bmep581020modicon_m580_bmep582020hmodicon_premium_tsxp57_454mmodicon_premium_tsxp57_5634mmodicon_m580_bmep582020modicon_m580_bmeh582040plc_simulator_for_ecostruxure_process_expertmodicon_m340_bmxp342030modicon_momentum_171cbu78090modicon_m580_bmep582040modicon_m580_bmep584040smodicon_premium_tsxp57_4634mmodicon_m580_bmeh586040modicon_m340_bmxp342010modicon_m580_bmep585040modicon_premium_tsxp57_2834mmodicon_m580_bmeh582040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_mc80_bmkc8020301modicon_premium_tsxp57_1634mmodicon_m340_bmxp342020modicon_m580_bmep582040smodicon_quantum_140cpu65160modicon_m580_bmep586040cmodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmep582040hmodicon_m580_bmeh584040modicon_m580_bmeh586040cmodicon_m580_bmeh586040smodicon_premium_tsxp57_2634mmodicon_m580_bmep583020modicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-20266
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-1.71% / 74.73%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 11:22
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-rpmn/aFedora Project
Product-fedorarpmrpm
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9071
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.35%
||
7 Day CHG~0.00%
Published-01 Jun, 2020 | 14:02
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ar2200_firmwarear1200ar3200_firmwarear2200srg1300srg1300_firmwaresrg3300_firmwaresrg2300_firmwaresrg3300netengine16exar1200-s_firmwarear120-s_firmwarear200-sar120-sar510ar150-sar160srg2300ar150_firmwarear2200-sar510_firmwarear150-s_firmwarear1200-sar3600ar150ar3200ar1200_firmwarear200-s_firmwarear200ar3600_firmwarear160_firmwarear2200-s_firmwarear200_firmwarenetengine16ex_firmwareAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-25713
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.14% / 80.02%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 14:27
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

Action-Not Available
Vendor-librdfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxraptor_rdf_syntax_libraryfedoraraptor2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • Next
Details not found