CVE-2022-22274

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 29, 2021
Published Date: March 25, 2022
Last Updated: August 03, 2024
Vendor: SonicWall
Product: SonicOS
Description: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score: 37.32% (Percentile: 96.96%) as of 2025-05-26

Exploit Status

Exploited in the Wild: Yes (2025-05-05 00:00:00 UTC) Source

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-28 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

BishopFox/CVE-2022-22274_CVE-2023-0656

Type: github • Created: 2024-01-12 20:03:51 UTC • Stars: 19

4lucardSec/Sonic_CVE-2022-22274_poc

Type: github • Created: 2023-01-14 17:15:53 UTC • Stars: 6

Timeline

CVE ID Reserved

December 29, 2021
CVE Published to Public

March 25, 2022
Added to KEVIntel

April 28, 2025