CVE-2022-23219 in Oracle Fujitsu M10-1info

Summary

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Reservation

01/14/2022

Disclosure

01/14/2022

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
218832	Oracle Fujitsu M10-1 XCP Firmware buffer overflow	120	Not defined	Official fix	CVE-2022-23219
211459	Oracle Communications Session Border Controller Routing buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204256	Oracle Enterprise Operations Monitor Mediation buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204255	Oracle Communications Cloud Native Core Unified Data Repository UDR buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204253	Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204251	Oracle Communications Cloud Native Core Network Repository Function NRF buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204249	Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE buffer overflow	120	Not defined	Official fix	CVE-2022-23219
204245	Oracle Communications Cloud Native Core Binding Support Function BSF buffer overflow	120	Not defined	Official fix	CVE-2022-23219
190360	GNU C Library sunrpc clnt_create buffer overflow	120	Not defined	Not defined	CVE-2022-23219

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!