CVE-2022-23219

Updated: 2024-11-24 03:44:25.867794

Description:

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | glibc | 2.34 | 9.8 | CRITICAL | Not Vulnerable | | 2023-11-08 08:36:04 | |
| CentOS 6 ELS | glibc | 2.12 | 9.8 | CRITICAL | Released | CLSA-2022:1643818516 | 2022-05-05 12:04:31 | |
| CentOS 7 ELS | glibc | 2.17 | 9.8 | CRITICAL | Released | CLSA-2024:1720027216 | 2024-07-19 05:03:39 | |
| CentOS 8.4 ELS | glibc | 2.28 | 9.8 | CRITICAL | Released | CLSA-2022:1645700784 | 2022-02-24 12:09:11 | |
| CentOS 8.5 ELS | glibc | 2.28 | 9.8 | CRITICAL | Released | CLSA-2022:1645700971 | 2022-02-24 12:08:39 | |
| CloudLinux 6 ELS | glibc | 2.12 | 9.8 | CRITICAL | Released | CLSA-2022:1643819200 | 2022-04-07 13:05:19 | |
| Oracle Linux 6 ELS | glibc | 2.12 | 9.8 | CRITICAL | Released | CLSA-2022:1643819053 | 2022-02-02 14:31:58 | |
| Ubuntu 16.04 ELS | glibc | 2.23-0 | 9.8 | CRITICAL | Released | CLSA-2022:1643819084 | 2022-02-02 14:31:57 | |
| Ubuntu 18.04 ELS | glibc | 2.27-3 | 9.8 | CRITICAL | Already Fixed | | 2023-04-28 08:48:28 | |