QwikSec

Security Database

CVE

CWE

Training

CVE-2022-23219

Published: Jan 14, 2022

Modified: May 5, 2025

PUBLISHED

Description

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.oracle.com/security-alerts/cpujul2022.html

https://sourceware.org/bugzilla/show_bug.cgi?id=22542

vendor-advisory

[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.