Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:35037
HistoryApr 10, 2022 - 12:42 a.m.

Denial Of Service (DoS)

2022-04-1000:42:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22

EPSS

0.013

Percentile

85.9%

Red Hat is vulnerable to denial of service. The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc’s clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) lead to arbitrary code execution.