[Bug 1961117] Re: Vulnerability in glibc - CVE-2022-23219
Hans Joachim Desserud
1961117 at bugs.launchpad.net
Thu Feb 17 16:09:47 UTC 2022
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23219
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1961117
Title:
Vulnerability in glibc - CVE-2022-23219
Status in glibc package in Ubuntu:
New
Bug description:
Title: Vulnerability in Glibc - CVE-2022-23219
Expectation: Glibc needs to be upgraded to glib v2.35 (Feb2022 release)
Details of CVE - https://nvd.nist.gov/vuln/detail/CVE-2022-23219 & https://ubuntu.com/security/CVE-2022-23219
Description: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka Glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961117/+subscriptions
More information about the foundations-bugs
mailing list