[Bug 1961117] [NEW] Vulnerability in glibc - CVE-2022-23219
bhs
1961117 at bugs.launchpad.net
Wed Feb 16 22:24:25 UTC 2022
Public bug reported:
Title: Vulnerability in Glibc - CVE-2022-23219
Expectation: Glibc needs to be upgraded to glib v2.35 (Feb2022 release)
Details of CVE - https://nvd.nist.gov/vuln/detail/CVE-2022-23219 & https://ubuntu.com/security/CVE-2022-23219
Description: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka Glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1961117
Title:
Vulnerability in glibc - CVE-2022-23219
Status in glibc package in Ubuntu:
New
Bug description:
Title: Vulnerability in Glibc - CVE-2022-23219
Expectation: Glibc needs to be upgraded to glib v2.35 (Feb2022 release)
Details of CVE - https://nvd.nist.gov/vuln/detail/CVE-2022-23219 & https://ubuntu.com/security/CVE-2022-23219
Description: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka Glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961117/+subscriptions
More information about the foundations-bugs
mailing list