redhatcve | Redhat.com | RH:CVE-2022-23219
History: Jan 18, 2022 - 5:53 p.m.

CVE-2022-23219

2022-01-18 17:53:54
redhat.com
access.redhat.com

EPSS: 0.013 (Percentile: 85.9%)

A stack-based buffer overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. The function copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially leading to a denial of service or (if an application is not built with a stack protector enabled) to arbitrary code execution.

Mitigation

An application built with stack protector enabled can mitigate this issue.
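
The unchecked hostname copy described above, shown next to a length-validated form. This is an added example, not glibc's or Red Hat's code. It assumes (the page does not say so) that the destination is the fixed-size sun_path field of a stack-allocated struct sockaddr_un; checked_unix_path is a hypothetical helper name and the sample path is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not glibc code): fill a caller-provided sockaddr_un
 * from an untrusted name, refusing anything that does not fit sun_path
 * together with its terminating NUL.
 *
 * The unchecked pattern the advisory describes is the equivalent of
 *     strcpy(sun->sun_path, hostname);
 * which writes past the fixed-size buffer when the name is too long. */
int checked_unix_path(struct sockaddr_un *sun, const char *hostname)
{
    if (sun == NULL || hostname == NULL) {
        errno = EINVAL;
        return -1;
    }

    size_t len = strlen(hostname);
    if (len >= sizeof sun->sun_path) {   /* no room for the NUL terminator */
        errno = ENAMETOOLONG;
        return -1;                       /* destination is left untouched */
    }

    memset(sun, 0, sizeof *sun);
    sun->sun_family = AF_UNIX;
    memcpy(sun->sun_path, hostname, len + 1);   /* bounded: len + 1 <= size */
    return 0;
}

int main(void)
{
    struct sockaddr_un sun;
    char big[sizeof sun.sun_path + 64];          /* constructed oversized name */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short name: %d\n", checked_unix_path(&sun, "/var/run/example.sock"));
    printf("long name:  %d (%s)\n", checked_unix_path(&sun, big), strerror(errno));
    return 0;
}
```

Callers that must keep using clnt_create() on glibc through 2.34 can apply the same length check to the hostname before the call.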