Buffer Overflow Vulnerability in GNU C Library's sunrpc Module
CVE-2022-23219
9.8 CRITICAL
What is CVE-2022-23219?
The deprecated clnt_create function in the sunrpc module of the GNU C Library does not validate the length of its hostname argument, which can lead to a buffer overflow. The overflow can cause a denial of service or, if the application is built without a stack protector, may allow arbitrary code execution by an attacker. It highlights the importance of secure coding practices and of promptly updating affected libraries to mitigate the risk.
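The C example below is added here for illustration and is not glibc's code or part of this entry. It contrasts an unchecked copy of a caller-supplied hostname into a fixed-size buffer with a length-validated copy that fails closed. It assumes the destination is the sun_path field of a struct sockaddr_un, as on the "unix" transport path where the library treats the hostname as a socket path; the function names and the ENAMETOOLONG error code are hypothetical choices.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Unchecked pattern, shown for contrast and never called here: the copy
   runs past sun_path whenever strlen(hostname) >= sizeof(addr->sun_path). */
void unchecked_set_path(struct sockaddr_un *addr, const char *hostname)
{
    addr->sun_family = AF_UNIX;
    strcpy(addr->sun_path, hostname);
}

/* Hardened pattern (hypothetical helper): validate the length first and
   fail closed. Returns 0 on success, -1 with errno set on rejection. */
int checked_set_path(struct sockaddr_un *addr, const char *hostname)
{
    size_t len;

    if (addr == NULL || hostname == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(hostname);
    if (len >= sizeof(addr->sun_path)) {   /* no room for the NUL terminator */
        errno = ENAMETOOLONG;              /* error code is this example's choice */
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, hostname, len + 1);
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    char oversized[512];                   /* constructed input, longer than sun_path */

    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("short path: %d\n", checked_set_path(&addr, "/run/example.sock"));
    printf("oversized:  %d\n", checked_set_path(&addr, oversized));
    return 0;
}
```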