CVE-2022-23219

Description

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.57%• Percentile: 69%

Techniques & Countermeasures

• CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Affected Systems

• debian•debian_linux

  10.0

• gnu•glibc

  < 2.31

• oracle•communications_cloud_native_core_binding_support_function

  22.1.3

• oracle•communications_cloud_native_core_network_function_cloud_native_environment

  22.1.0

• oracle•communications_cloud_native_core_network_repository_function

  22.1.2 | 22.2.0

• oracle•communications_cloud_native_core_security_edge_protection_proxy

  22.1.1

• oracle•communications_cloud_native_core_unified_data_repository

  22.2.0

• oracle•enterprise_operations_monitor

  4.3 | 4.4 | 5.0

References (4)

• https://www.oracle.com/security-alerts/cpujul2022.html
• https://sourceware.org/bugzilla/show_bug.cgi?id=22542
• https://security.gentoo.org/glsa/202208-24
• https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html