ALAS-2022-1576 --- glibcID: oval:org.secpod.oval:def:1601527 | Date: (C)2022-04-08 (M)2023-01-09 |
Class: PATCH | Family: unix |
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create in the sunrpc' svc_unix.c module of the GNU C Library through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or then it will lead to arbitrary code execution. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc' clnt_gen.c module of the GNU C Library through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or lead to arbitrary code execution
Platform: |
Amazon Linux AMI |