CVE-2022-23218

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202208-24	Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28768	Exploit Issue Tracking Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:::::::*
	cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:::::::*
	cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-14 07:15

Updated : 2024-02-28 18:48

NVD link : CVE-2022-23218

Mitre link : CVE-2022-23218

CVE.ORG link : CVE-2022-23218

JSON object : View

Products Affected

oracle

communications_cloud_native_core_unified_data_repository
enterprise_operations_monitor

debian

debian_linux

gnu

glibc

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-23218", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-01-14T07:15:08.800", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202208-24", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution."}, {"lang": "es", "value": "La funci\u00f3n de compatibilidad obsoleta svcunix_create en el m\u00f3dulo sunrpc de la Biblioteca C de GNU (tambi\u00e9n conocida como glibc) hasta la versi\u00f3n 2.34 copia su argumento de ruta en la pila sin comprobar su longitud, lo que puede resultar en un desbordamiento del b\u00fafer, resultando potencialmente en una denegaci\u00f3n de servicio o (si una aplicaci\u00f3n no est\u00e1 construida con un protector de pila habilitado) la ejecuci\u00f3n de c\u00f3digo arbitrario"}], "lastModified": "2022-11-08T13:37:42.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED46EB04-73DF-41D7-9E54-A50570DF766B", "versionEndIncluding": "2.34"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74810125-09E6-4F27-B541-AFB61112AC56"}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5453265-3BE1-4AF0-BE50-13C2EF67F49B"}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93E0B297-A319-4961-976C-7DDA5A0B9353"}, {"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}