Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)
Vulnerability Description
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
sonic-buildimage 安全漏洞
Vulnerability Description
sonic-buildimage是SONiC开源的一个库。为 SONiC 执行可安装二进制映像构建的脚本 sonic-buildimage 存在安全漏洞,该漏洞源于DHCPv6数据包解析代码中存在一个漏洞,攻击者利用该漏洞可以制作一个数据包,导致 memcpy 调用中的缓冲区溢出,从而导致内存写入越界,从而导致 dhcp6relay 崩溃。
CVSS Information
N/A
Vulnerability Type
N/A