Lucene search

K
nvd[email protected]NVD:CVE-2022-23219
HistoryJan 14, 2022 - 7:15 a.m.

CVE-2022-23219

2022-01-1407:15:08
CWE-120
web.nvd.nist.gov
1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.9%

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Affected configurations

NVD
Node
gnuglibcRange2.34
Node
oraclecommunications_cloud_native_core_binding_support_functionMatch22.1.3
OR
oraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch22.1.0
OR
oraclecommunications_cloud_native_core_network_repository_functionMatch22.1.2
OR
oraclecommunications_cloud_native_core_network_repository_functionMatch22.2.0
OR
oraclecommunications_cloud_native_core_security_edge_protection_proxyMatch22.1.1
OR
oraclecommunications_cloud_native_core_unified_data_repositoryMatch22.2.0
OR
oracleenterprise_operations_monitorMatch4.3
OR
oracleenterprise_operations_monitorMatch4.4
OR
oracleenterprise_operations_monitorMatch5.0
Node
debiandebian_linuxMatch10.0

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.9%