Public bug reported:
Title: Vulnerability in Glibc - CVE-2022-23219
Expectation: Glibc needs to be upgraded to glib v2.35 (Feb2022 release)
Details of CVE - https://nvd.nist.gov/vuln/detail/CVE-2022-23219 &;
https://ubuntu.com/security/CVE-2022-23219
Description: The deprecated compatibility function clnt_create in the sunrpc
module of the GNU C Library (aka Glibc) through 2.34 copies its hostname
argument on the stack without validating its length, which may result in a
buffer overflow, potentially resulting in a denial of service or (if an
application is not built with a stack protector enabled) arbitrary code
execution.
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961117
Title:
Vulnerability in glibc - CVE-2022-23219
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961117/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
