Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-0324

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

Published

2022-11-14T17:15:09.987

Last Modified

2024-11-21T06:38:22.893

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	software_for_open_networking_in_the_cloud	202111	Yes

References

https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9 Third Party Advisory ([email protected])
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html Third Party Advisory ([email protected])
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)