CVE-2022-23218

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.34

Description The issue is related to the deprecated compatibility function svcunix create in the sunrpc module of the GNU C Library, which copies its path argument on the stack without validating its length. This may result in a buffer overflow, potentially leading to a denial of service or, if an application is not built with a stack protector enabled, arbitrary code execution. The vulnerability can be exploited by a remote attacker by sending specially crafted data to the application.

Recommendations For glibc versions prior to 2.34, consider disabling the svcunix create function as a temporary workaround until a patch is available. Restrict access to the sunrpc module to minimize the risk of exploitation. Avoid using the path argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.