CVE-2022-0324 - Vulnerability Details - OpenCVE

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.

Discovered by Eugene Lim of GovTech Singapore.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00975.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linuxfoundation	Software For Open Networking In The Cloud

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-15492	There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9
https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html

History

Wed, 30 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published: 2022-11-14T16:08:34.224Z

Updated: 2025-04-30T13:37:45.488Z

Reserved: 2022-01-21T01:21:20.305Z

Link: CVE-2022-0324

Vulnrichment

Updated: 2024-08-02T23:25:39.548Z

NVD

Status : Modified

Published: 2022-11-14T17:15:09.987

Modified: 2024-11-21T06:38:22.893

Link: CVE-2022-0324

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0324", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "requesterUserId": "26d1c047-c31c-4646-bd07-241f86433aca", "dateReserved": "2022-01-21T01:21:20.305Z", "datePublished": "2022-11-14T16:08:34.224Z", "dateUpdated": "2025-04-30T13:37:45.488Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Software for Open Networking in the Cloud (SONiC)", "repo": "https://github.com/sonic-net/sonic-buildimage", "vendor": "Linux Foundation", "versions": [{"status": "affected", "version": "202111"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.<br><br>Discovered by Eugene Lim of GovTech Singapore.<br>"}], "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2022-11-14T16:12:37.331Z"}, "references": [{"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"}, {"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:39.548Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9", "tags": ["x_transferred"]}, {"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T13:37:32.242628Z", "id": "CVE-2022-0324", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T13:37:45.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9", "tags": ["x_transferred"]}, {"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:39.548Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-0324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T13:37:32.242628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T13:37:36.443Z"}}], "cna": {"title": "Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/sonic-net/sonic-buildimage", "vendor": "Linux Foundation", "product": "Software for Open Networking in the Cloud (SONiC)", "versions": [{"status": "affected", "version": "202111"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"}, {"url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n", "supportingMedia": [{"type": "text/html", "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.<br><br>Discovered by Eugene Lim of GovTech Singapore.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2022-11-14T16:12:37.331Z"}}}, "cveMetadata": {"cveId": "CVE-2022-0324", "state": "PUBLISHED", "dateUpdated": "2025-04-30T13:37:45.488Z", "dateReserved": "2022-01-21T01:21:20.305Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2022-11-14T16:08:34.224Z", "requesterUserId": "26d1c047-c31c-4646-bd07-241f86433aca", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:software_for_open_networking_in_the_cloud:202111:*:*:*:*:*:*:*", "matchCriteriaId": "469B150C-C666-4EC9-8558-97CEF694D851", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown.\n\nDiscovered by Eugene Lim of GovTech Singapore.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en el c\u00f3digo de an\u00e1lisis de paquetes DHCPv6 que un atacante remoto podr\u00eda explorar para crear un paquete que podr\u00eda provocar un desbordamiento del b\u00fafer en una llamada a memcpy, lo que provocar\u00eda una escritura de memoria fuera de los l\u00edmites que provocar\u00eda el fallo de dhcp6relay. Dhcp6relay es un proceso cr\u00edtico y podr\u00eda provocar que la ventana acoplable de rel\u00e9 dhcp se apague. Descubierto por Eugene Lim de GovTech Singapur."}], "id": "CVE-2022-0324", "lastModified": "2024-11-21T06:38:22.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-14T17:15:09.987", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Third Party Advisory"], "url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"}, {"source": "cve_disclosure@tech.gov.sg", "tags": ["Third Party Advisory"], "url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://govtech-csg.github.io/security-advisories/2022/11/14/CVE-2022-0324.html"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}