CVE-2022-23219
glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
La función de compatibilidad obsoleta clnt_create en el módulo sunrpc de la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, copia su argumento de nombre de host en la pila sin comprobar su longitud, que puede resultar en un desbordamiento de búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc's clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) lead to arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-14 CVE Reserved
- 2022-01-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22542 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | 2022-11-08 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202208-24 | 2022-11-08 | |
| https://access.redhat.com/security/cve/CVE-2022-23219 | 2022-03-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2042017 | 2022-03-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.34 Search vendor "Gnu" for product "Glibc" and version " <= 2.34" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" | 22.1.3 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" | 22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "22.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 22.1.2 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "22.1.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 22.2.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "22.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Security Edge Protection Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" | 22.1.1 Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "22.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Unified Data Repository Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" | 22.2.0 Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "22.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Operations Monitor Search vendor "Oracle" for product "Enterprise Operations Monitor" | 4.3 Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "4.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Operations Monitor Search vendor "Oracle" for product "Enterprise Operations Monitor" | 4.4 Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "4.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Operations Monitor Search vendor "Oracle" for product "Enterprise Operations Monitor" | 5.0 Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||