CVE-2022-27812
published 2022-08-24CVE-2022-27812: Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.66%
46.8th percentile
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stormshield | stormshield_network_security | >= 3.11.0 < 3.11.18 | 3.11.18 |
| stormshield | stormshield_network_security | >= 3.7.0 < 3.7.30 | 3.7.30 |
| stormshield | stormshield_network_security | >= 4.2.0 < 4.2.11 | 4.2.11 |
| stormshield | stormshield_network_security | >= 4.3.0 < 4.3.7 | 4.3.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Stormshield SNS Firewall up to 3.7.26 UDP Handler/ICMP resource consumption (EUVD-2022-32307)
vuldb·2026-05-15·CVSS 7.5
CVE-2022-27812 [HIGH] Stormshield SNS Firewall up to 3.7.26 UDP Handler/ICMP resource consumption (EUVD-2022-32307)
A vulnerability marked as problematic has been reported in Stormshield SNS Firewall up to 3.7.26. Impacted is an unknown function of the component UDP Handler/ICMP Handler. The manipulation leads to resource consumption.
This vulnerability is listed as CVE-2022-27812. The attack may be initiated remotely. There is no available exploit.
GHSA
GHSA-3qrj-m697-ww2v: Flooding SNS firewall 3
ghsa_unreviewed·2022-08-25
CVE-2022-27812 [HIGH] CWE-400 GHSA-3qrj-m697-ww2v: Flooding SNS firewall 3
Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the source through an internal to internal or external to internal interfaces will lead the firewall to overwork. It will consume 100% CPU, 100 RAM and won't be available and can crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-24
Published