Vulnerability CVE-2022-23219: Information

Description

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23219
Published: Jan. 14, 2022
Modified: Nov. 8, 2022
Error type identifier: CWE-120

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.34.0.33.a996d-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2021-3034-1286110Fixed
glibcsisyphus_e2k2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.22.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4ALT-PU-2024-1492-1-Fixed
glibcsisyphus_riscv642.34.0.39.024a7-alt1.rv642.38.0.44.d37c2b20a4-alt1ALT-PU-2021-4728-1-Fixed
glibcp102.32-alt52.32-alt5.p10.3ALT-PU-2022-2917-1307861Fixed
glibcc10f12.32-alt52.32-alt5.p10.3ALT-PU-2022-2917-1307861Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
  • Exploit
  • Issue Tracking
  • Third Party Advisory
N/A
  • Patch
  • Third Party Advisory
GLSA-202208-24
  • Third Party Advisory
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      End including
      2.34

      Configuration 2

      cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top