### [CVE-2021-20048](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20048)
![](https://img.shields.io/static/v1?label=Product&message=SonicOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.9.1.13%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.5.3-94o%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.5.1.13-1n%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.5.4.8-89n%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.5.4.v_21s-1288%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.1-5018-R1715%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.1-5023-1349%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.1-R146%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/GANGE666/Vulnerabilities