← Back

CVE-2022-23218

nvd nist
Published: Jan 14, 2022Modified: May 5, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Affected (6)

Gnu
1 product
Glibc
Oracle
2 products
Communications Cloud Native Core Unified Data Repository
Enterprise Operations Monitor
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Glibc
Before 2.31
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Communications Cloud Native Core Unified Data Repository
Version 22.2.0
Oracle
Enterprise Operations Monitor
Version 4.3
Enterprise Operations Monitor
Version 4.4
Enterprise Operations Monitor
Version 5.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (8)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.