The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List, Third Party Advisory |
https://security.gentoo.org/glsa/202208-24 | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=22542 | Exploit, Issue Tracking, Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
History
08 Nov 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
First Time | Debian debian Linux, Debian |
17 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Aug 2022, 10:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:* |
|
First Time | Oracle communications Cloud Native Core Unified Data Repository, Oracle enterprise Operations Monitor, Oracle communications Cloud Native Core Binding Support Function, Oracle communications Cloud Native Core Network Function Cloud Native Environment, Oracle communications Cloud Native Core Network Repository Function, Oracle, Oracle communications Cloud Native Core Security Edge Protection Proxy |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-24 - Third Party Advisory |
15 Aug 2022, 11:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jan 2022, 16:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
First Time | Gnu, Gnu glibc |
CVSS | v2 : v3 : | v2 : 7.5 v3 : 9.8 |
CPE | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* | |
References | (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=22542 - Exploit, Issue Tracking, Third Party Advisory |
14 Jan 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-14 07:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23219
Mitre link : CVE-2022-23219
CVE.ORG link : CVE-2022-23219
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- enterprise_operations_monitor
- communications_cloud_native_core_unified_data_repository
- communications_cloud_native_core_network_function_cloud_native_environment
- communications_cloud_native_core_network_repository_function
- communications_cloud_native_core_security_edge_protection_proxy
gnu
- glibc
debian
- debian_linux
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')