{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-23218", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T03:36:20.198Z", "dateReserved": "2022-01-14T00:00:00", "datePublished": "2022-01-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "GLSA-202208-24", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.198Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"name": "GLSA-202208-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED46EB04-73DF-41D7-9E54-A50570DF766B", "versionEndIncluding": "2.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "74810125-09E6-4F27-B541-AFB61112AC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5453265-3BE1-4AF0-BE50-13C2EF67F49B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "93E0B297-A319-4961-976C-7DDA5A0B9353", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution."}, {"lang": "es", "value": "La funci\u00f3n de compatibilidad obsoleta svcunix_create en el m\u00f3dulo sunrpc de la Biblioteca C de GNU (tambi\u00e9n conocida como glibc) hasta la versi\u00f3n 2.34 copia su argumento de ruta en la pila sin comprobar su longitud, lo que puede resultar en un desbordamiento del b\u00fafer, resultando potencialmente en una denegaci\u00f3n de servicio o (si una aplicaci\u00f3n no est\u00e1 construida con un protector de pila habilitado) la ejecuci\u00f3n de c\u00f3digo arbitrario"}], "id": "CVE-2022-23218", "lastModified": "2022-11-08T13:37:42.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-14T07:15:08.800", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0896", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "glibc-0:2.28-164.el8_5.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-15T00:00:00Z"}, {"advisory": "RHSA-2022:0896", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "glibc-0:2.28-164.el8_5.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-15T00:00:00Z"}], "bugzilla": {"description": "glibc: Stack-based buffer overflow in svcunix_create via long pathnames", "id": "2042013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042013"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-119", "details": ["The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) then it will lead to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "An application built with stack protector enabled can mitigate this issue."}, "name": "CVE-2022-23218", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23218\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23218"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}