Vulnerability Details CVE-2022-0324
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.
Discovered by Eugene Lim of GovTech Singapore.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.2%
CVSS Severity
CVSS v3 Score 8.1
References
- https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9
- https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html
- https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9
- https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html
Products affected by CVE-2022-0324
-
cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111