CVE-2022-23219
14.01.2022, 07:15
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Vendor | Product | Version |
---|---|---|
gnu | glibc | 𝑥 ≤ 2.34 |
oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
oracle | enterprise_operations_monitor | 4.3 |
oracle | enterprise_operations_monitor | 4.4 |
oracle | enterprise_operations_monitor | 5.0 |
debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
eglibc |
| ||||||||||||||||||||
glibc |
|
References