MiracleLinux 8 : glibc-2.28-164.el8.3 (AXSA:2022-3103:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3103:01 advisory. glibc: Off-by-one buffer overflow/underflow in getcwd CVE-2021-3999 glibc: Stack-based buffer overflow in svcunixcreate via long pathnames...

EUVD-2022-28307

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-23218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack witho...

CLSA-2024-1720027216 glibc: Fix of 4 CVEs

CVE-2021-3999: getcwd - Set errno to ERANGE for size == 1 - CVE-2021-35942: wordexp - handle overflow in positional parameter number - CVE-2022-23218: Buffer overflow in sunrpc svcunixcreate - CVE-2022-23219: Buffer overflow in sunrpc clntcreate for "unix"...

SUSE CVE-2022-23218

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is not...

glibc: Stack-based buffer overflow in svcunix_create via long pathnames

A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in ...

RHEL 8 : glibc (RHSA-2022:0896)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0896 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...

CLSA-2022-1643819053 Fixed CVEs in glibc: CVE-2022-23218, CVE-2022-23219

CVE-2022-23218: fix possible buffer overflow in svcunixcreate - CVE-2022-23219: fix possible buffer overflow in clntcreate...

Fix of CVE: CVE-2022-23218, CVE-2022-23219

CVE-2022-23218: fix possible buffer overflow in svcunixcreate - CVE-2022-23219: fix possible buffer overflow in clntcreate...

CLSA-2022-1643818516 Fix of CVE: CVE-2022-23218, CVE-2022-23219

CVE-2022-23218: fix possible buffer overflow in svcunixcreate - CVE-2022-23219: fix possible buffer overflow in clntcreate...

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length which may result in a buffer overflow potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

...

DEBIAN-CVE-2022-23218

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is not...

CVE-2022-23218

Summary: CVE-2022-23218 (glibc) is a stack-based buffer overflow in the sunrpc path handling function svcunix_create, allowing potential denial of service or arbitrary code execution if a stack protector is not present. The issue affects glibc up to version 2.34 per the description. Multiple conn...