KEVIntel
CVSS 9.8 Critical

CVE-2022-22274

PUBLISHED


Exploited in the wild · PoC available · Remote · Low complexity · No user interaction

Vendor: SonicWall
Product: SonicOS
Published: Mar 25, 2022

Description

A stack-based buffer overflow vulnerability in SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) and can potentially result in code execution in the firewall.

edge

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2025-04-22 00:00:00 UTC

Proof of concept available

Recorded 2024-01-12 20:03:51 UTC

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source | Added
The Shadowserver (via CIRCL) | Apr 28, 2025

Potential proofs of concept

These PoCs are unverified and could contain malware. Use at your own risk.

BishopFox/CVE-2022-22274_CVE-2023-0656

github · Created 2024-01-12 20:03:51 UTC · 19 stars

4lucardSec/Sonic_CVE-2022-22274_poc

github · Created 2023-01-14 17:15:53 UTC · 6 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel