CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0324 – Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)
https://notcve.org/view.php?id=CVE-2022-0324
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. Existe una vulnerabilidad en el código de análisis de paquetes DHCPv6 que un atacante remoto podría explorar para crear un paquete que podría provocar un desbordamiento del búfer en una llamada a memcpy, lo que provocaría una escritura de memoria fuera de los límites que provocaría el fallo de dhcp6relay. Dhcp6relay es un proceso crítico y podría provocar que la ventana acoplable de relé dhcp se apague. Descubierto por Eugene Lim de GovTech Singapur. • https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9 https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •