Apr 29, 2022 - 12:00 a.m.

K52308021 : GNU C Library (glibc) vulnerabilities CVE-2022-23218 and CVE-2022-23219

my.f5.com

AI Score: 9.7 High (Confidence: High)

EPSS: 0.009 Low (Percentile: 82.9%)

Security Advisory Description

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
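The missing length validation described in both entries, shown as a caller-side check. This is an added example, not glibc's or F5's code: it assumes the fixed-size stack destination is an AF_UNIX socket address (`struct sockaddr_un`), and `fill_unix_addr` and `rpc_unix_arg_ok` are hypothetical helper names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Bytes available for an AF_UNIX path, including the terminating NUL. */
#define SUN_PATH_CAP (sizeof(((struct sockaddr_un *)0)->sun_path))

/* Hypothetical helper: fill a stack sockaddr_un from an untrusted string,
 * rejecting input that does not fit instead of copying it blindly. */
int fill_unix_addr(struct sockaddr_un *addr, const char *path)
{
    if (addr == NULL || path == NULL) { errno = EINVAL; return -1; }

    /* Look for the NUL only within the destination capacity. */
    const char *nul = memchr(path, '\0', SUN_PATH_CAP);
    if (nul == NULL) { errno = ENAMETOOLONG; return -1; } /* would overflow */
    if (nul == path) { errno = EINVAL; return -1; }       /* empty string */

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, (size_t)(nul - path) + 1); /* bounded copy */
    return 0;
}

/* Hypothetical guard for code that must keep calling svcunix_create or
 * clnt_create on an unpatched glibc: validate the argument before the call. */
int rpc_unix_arg_ok(const char *s)
{
    return s != NULL && memchr(s, '\0', SUN_PATH_CAP) != NULL;
}

int main(void)
{
    struct sockaddr_un addr;
    char oversized[256];                      /* constructed sample input */
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("short path accepted: %d\n", fill_unix_addr(&addr, "/run/rpc.sock") == 0);
    printf("oversized path rejected: %d\n", fill_unix_addr(&addr, oversized) == -1);
    printf("guard on oversized: %d\n", rpc_unix_arg_ok(oversized));
    return 0;
}
```

Rejecting the argument with `ENAMETOOLONG` turns the overflow condition into an ordinary error return that the caller can log and handle.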

Impact

A successful attack may allow an attacker to read or write to a memory location that is outside of the intended boundary of the memory buffer, resulting in arbitrary code execution or causing the system to stop responding.