Headline
CVE-2022-23218: 28768 – Buffer overflow in svcunix_create with long pathnames
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Bug 28768 - Buffer overflow in svcunix_create with long pathnames
Summary: Buffer overflow in svcunix_create with long pathnames
Status:
ASSIGNED
Alias:
None
Product:
glibc
Classification:
Unclassified
Component:
network (show other bugs)
Version:
2.34
Importance:
P2 normal
Target Milestone:
—
Assignee:
Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
Reported:
2022-01-12 09:40 UTC by Florian Weimer
Modified:
2022-01-12 09:40 UTC (History)
CC List:
1 user (show)
See Also:
- 22542
Host:
Target:
Build:
Last reconfirmed:
Flags:
fweimer: security+
Attachments
Add an attachment (proposed patch, testcase, etc.)
Note You need to log in before you can comment on or make changes to this bug.