Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2022-23218

Related Vulnerabilities: CVE-2022-23218  

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Source

Description

The MITRE CVE dictionary describes this issue as:

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Additional Information

  • Bugzilla 2042013: CVE-2022-23218 glibc: stack-based buffer overflow in svcunix_create via long pathnames
  • CWE-20->CWE-119: Improper Input Validation leads to Improper Restriction of Operations within the Bounds of a Memory Buffer
  • FAQ: Frequently asked questions about CVE-2022-23218

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started