Fluid Attacks Database

Description

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	glibc	=2.31-13 \|\| =2.31-13+deb11u1 \|\| =2.31-13+deb11u2 \|\| >=0 <2.31-13+deb11u3	2.31-13+deb11u3
debian 12	glibc	>=0 <2.33-3	2.33-3
debian 14	glibc	>=0 <2.33-3	2.33-3
debian 13	glibc	>=0 <2.33-3	2.33-3
rpm rhel6	compat-glibc	-	-
rpm rhel7	compat-glibc	-	-
rpm rhel6	glibc	-	-
rpm rhel7	glibc	-	-
rpm rhel8	glibc	<0:2.28-164.el8_5.3	0:2.28-164.el8_5.3

Aliases

1. CVE-2022-232182. NVD-2022-232183. OSV-DEBIAN-2022-232184. OSV-2022-232185. SECURITY-TRACKER-CVE-2022-23218

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.