CVE-2022-0324

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9	Third Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*

History

07 Nov 2023, 03:41

Type	Values Removed	Values Added
Summary	There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.	There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

Information

Published : 2022-11-14 17:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-0324

Mitre link : CVE-2022-0324

CVE.ORG link : CVE-2022-0324

JSON object : View

Products Affected

linuxfoundation

software_for_open_networking_in_the_cloud

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-0324", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-11-14T17:15:09.987", "references": [{"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9", "tags": ["Third Party Advisory"], "source": "cve_disclosure@tech.gov.sg"}, {"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html", "tags": ["Third Party Advisory"], "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en el c\u00f3digo de an\u00e1lisis de paquetes DHCPv6 que un atacante remoto podr\u00eda explorar para crear un paquete que podr\u00eda provocar un desbordamiento del b\u00fafer en una llamada a memcpy, lo que provocar\u00eda una escritura de memoria fuera de los l\u00edmites que provocar\u00eda el fallo de dhcp6relay. Dhcp6relay es un proceso cr\u00edtico y podr\u00eda provocar que la ventana acoplable de rel\u00e9 dhcp se apague. Descubierto por Eugene Lim de GovTech Singapur."}], "lastModified": "2023-11-07T03:41:12.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469B150C-C666-4EC9-8558-97CEF694D851"}], "operator": "OR"}]}], "sourceIdentifier": "cve_disclosure@tech.gov.sg"}