Headline
CVE-2022-23219: 22542 – buffer overflow in sunrpc clnt_create
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Bug 22542 - buffer overflow in sunrpc clnt_create
Summary: buffer overflow in sunrpc clnt_create
Status:
ASSIGNED
Alias:
None
Product:
glibc
Classification:
Unclassified
Component:
network (show other bugs)
Version:
2.24
Importance:
P2 normal
Target Milestone:
—
Assignee:
Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
Reported:
2017-12-03 22:27 UTC by Martin Sebor
Modified:
2022-01-12 16:22 UTC (History)
CC List:
3 users (show)
See Also:
- 28768
Host:
Target:
Build:
Last reconfirmed:
2018-02-06 00:00:00
Flags:
fweimer: security+
Attachments
Add an attachment (proposed patch, testcase, etc.)
Note You need to log in before you can comment on or make changes to this bug.