Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23218

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Published

2022-01-14T07:15:08.800

Last Modified

2025-05-05T17:17:55.563

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-120
  • Type: Secondary
    CWE-120
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu glibc < 2.31 Yes
Application oracle communications_cloud_native_core_unified_data_repository 22.2.0 Yes
Application oracle enterprise_operations_monitor 4.3 Yes
Application oracle enterprise_operations_monitor 4.4 Yes
Application oracle enterprise_operations_monitor 5.0 Yes
Operating System debian debian_linux 10.0 Yes
References