CVE-2022-23219
14.01.2022, 07:15
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 𝑥 ≤ 2.34 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | enterprise_operations_monitor | 4.4 |
| oracle | enterprise_operations_monitor | 5.0 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| eglibc |
| ||||||||||||||||||||
| glibc |
|
References