CVE-2022-0324

HIGH

SONiC DHCPv6 Relay - Remote Denial of Service via Malformed DHCPv6 Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0324. PoCs published by ngtuonghung.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2022-0324, a heap-based buffer overflow in the dhcp6relay component of SONiC (Software for Open Networking in the Cloud). The exploit sends a maliciously crafted DHCPv6 Relay-Reply packet with an oversized option length to trigger the vulnerability.

Description

There is a vulnerability in the DHCPv6 packet parsing code that a remote attacker could exploit by crafting a packet that causes a buffer overflow in a memcpy call, leading to an out-of-bounds memory write that would cause dhcp6relay to crash. dhcp6relay is a critical process, and its crash could cause the DHCP relay docker to shut down. Discovered by Eugene Lim of GovTech Singapore.

Exploits (1)

nomisec WORKING POC
by ngtuonghung · poc
https://github.com/ngtuonghung/CVE-2022-0324

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: SONiC dhcp6relay (version not explicitly specified, but likely affected versions include those before the patch)
No auth needed
Prerequisites: Docker environment · Network access to the target dhcp6relay service · IPv6 connectivity
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 8.1
EPSS 0.0111
EPSS Percentile 61.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-120 CWE-787
Status published
Products (1)
linuxfoundation/software_for_open_networking_in_the_cloud 202111
Published Nov 14, 2022
Tracked Since Feb 18, 2026