fkie_cve-2022-0324
Vulnerability from fkie_nvd
Published
2022-11-14 17:15
Modified
2024-11-21 06:38
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.
References
cve_disclosure@tech.gov.sghttps://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9Third Party Advisory
cve_disclosure@tech.gov.sghttps://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.htmlThird Party Advisory
Impacted products
Vendor Product Version
linuxfoundation software_for_open_networking_in_the_cloud 202111


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*",
              "matchCriteriaId": "469B150C-C666-4EC9-8558-97CEF694D851",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en el c\u00f3digo de an\u00e1lisis de paquetes DHCPv6 que un atacante remoto podr\u00eda explorar para crear un paquete que podr\u00eda provocar un desbordamiento del b\u00fafer en una llamada a memcpy, lo que provocar\u00eda una escritura de memoria fuera de los l\u00edmites que provocar\u00eda el fallo de dhcp6relay. Dhcp6relay es un proceso cr\u00edtico y podr\u00eda provocar que la ventana acoplable de rel\u00e9 dhcp se apague. Descubierto por Eugene Lim de GovTech Singapur."
    }
  ],
  "id": "CVE-2022-0324",
  "lastModified": "2024-11-21T06:38:22.893",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "cve_disclosure@tech.gov.sg",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-14T17:15:09.987",
  "references": [
    {
      "source": "cve_disclosure@tech.gov.sg",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"
    },
    {
      "source": "cve_disclosure@tech.gov.sg",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"
    }
  ],
  "sourceIdentifier": "cve_disclosure@tech.gov.sg",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "cve_disclosure@tech.gov.sg",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.