CVE-2022-30279 — NULL Pointer Dereference in Network Security

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stormshield Network Security

Timeline

PublishedMay 12

Latest updateMay 13

Description

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDstormshield/stormshield_network_security4.3.3 — 4.3.8

🔴Vulnerability Details

GHSA

GHSA-72fp-3vm2-65g5: An issue was discovered in Stormshield Network Security (SNS) 4↗2022-05-13

▶

CVEList

CVE-2022-30279: An issue was discovered in Stormshield Network Security (SNS) 4↗2022-05-12

▶