CVE-2022-0324

Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.

Discovered by Eugene Lim of GovTech Singapore.

Existe una vulnerabilidad en el código de análisis de paquetes DHCPv6 que un atacante remoto podría explorar para crear un paquete que podría provocar un desbordamiento del búfer en una llamada a memcpy, lo que provocaría una escritura de memoria fuera de los límites que provocaría el fallo de dhcp6relay. Dhcp6relay es un proceso crítico y podría provocar que la ventana acoplable de relé dhcp se apague. Descubierto por Eugene Lim de GovTech Singapur.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5
Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)v3.1 8.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-21 CVE Reserved
2022-11-14 CVE Published
2024-06-06 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787: Out-of-bounds Write

CAPEC

CAPEC-100: Overflow Buffers

References (2)

URL	Tag	Source
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9	Third Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linuxfoundation Search vendor "Linuxfoundation"		Software For Open Networking In The Cloud Search vendor "Linuxfoundation" for product "Software For Open Networking In The Cloud"				202111 Search vendor "Linuxfoundation" for product "Software For Open Networking In The Cloud" and version "202111"		-		Affected