The deprecated compatibility function clnt_create in the...
Critical severity
Unreviewed
Published
Jan 15, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Jan 14, 2022
Published to the GitHub Advisory Database
Jan 15, 2022
Last updated
Jan 30, 2023
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References