CVE-2022-0324 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linuxfoundation	Software For Open Networking In The Cloud	202111

Related Weaknesses (CWE)

CWE-120 CWE-787

References

https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrqThird Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.htmlThird Party Advisory
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrqThird Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.htmlThird Party Advisory

FAQ

What is CVE-2022-0324?

CVE-2022-0324 is a vulnerability with a CVSS score of 8.1 (HIGH). There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory wr...

How severe is CVE-2022-0324?

CVE-2022-0324 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0324?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Software For Open Networking In The Cloud.