CVE-2022-0324

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 7.5

EPSS Низкий

Описание

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.

Discovered by Eugene Lim of GovTech Singapore.

Ссылки

https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9
Third Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html
Third Party Advisory
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9
Third Party Advisory
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00888

Низкий

8.1 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120

Связанные уязвимости

GHSA-cq4f-m4r6-7827

CVSS3: 7.5

github

около 3 лет назад

EPSS

Процентиль: 75%

0.00888

Низкий

8.1 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120