PT-2022-2034 · Glibc+10

Published: 2017-12-03 · Updated: 2024-06-15 · CVE-2022-23219

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34
Description: The issue is a buffer overflow in the sunrpc module of the glibc library. The clnt_create function copies its hostname argument onto the stack without validating its length. As a result, a remote attacker could potentially cause a denial of service or, if the application is not built with a stack protector enabled, execute arbitrary code by sending specially crafted data to the application. The vulnerable function is clnt_create, and the vulnerable parameter is hostname.
Recommendations: For glibc versions through 2.34, consider disabling the clnt_create function until a patch is available to prevent potential exploitation. Restrict access to the sunrpc module to minimize the risk of exploitation. Avoid using the hostname parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:0896
ALT-PU-2021-3034
ALT-PU-2022-1201
ALT-PU-2022-2917
AZL-7533
BDU:2022-01633
CESA-2022_0896
CVE-2022-23219
DLA-3152-1
MGASA-2022-0028
OPENSUSE-SU-2022:0330-1
OPENSUSE-SU-2022_0330-1
OPENSUSE-SU-2024:11850-1
RHSA-2022:0896
RHSA-2022_0896
RLSA-2022:0896
SUSE-SU-2022:0330-1
SUSE-SU-2022:0441-1
SUSE-SU-2022:0832-1
SUSE-SU-2022:0909-1
SUSE-SU-2022:14923-1
SUSE-SU-2022_14923-1
USN-5310-1
USN-5310-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Glibc