CVE-2022-22274Stack-based Buffer Overflow in Sonicos

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
47.0%
top 2.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sonicwall SonicosSonicwall Sonicosv
Timeline
PublishedMar 25
Latest updateApr 2

Description

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDsonicwall/sonicos7.0.1-5050+1
NVDsonicwall/sonicosv6.5.4.4-44v-21-1452
CVEListV5sonicwall/sonicosSonicOS 7.0.1-5050 and earlier, SonicOS 7.0.1-R579 and earlier, SonicOSv 6.5.4.4-44v-21-1452 and earlier+2

🔴Vulnerability Details

3
GHSA
GHSA-8348-4cmv-mvvp: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS)2022-03-27
CVEList
CVE-2022-22274: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS)2022-03-25
VulnCheck
SonicWall sonicos Stack-based Buffer Overflow2022

🔍Detection Rules

2
Suricata
ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M12025-04-02
Suricata
ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M22025-04-02

🕵️Threat Intelligence

1
Bleepingcomputer
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks2024-01-15
CVE-2022-22274 — Stack-based Buffer Overflow in Sonicos | cvebase