ALAS2023-2023-060 --- glibc
ID: oval:org.secpod.oval:def:19500147 | Date: (C)2023-06-12 (M)2023-06-12 |
Class: PATCH | Family: unix |
A stack-based buffer overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc clnt_gen.c module of the GNU C Library through 2.34. The function copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially leading to a denial of service or arbitrary code execution.
Platform: |
Amazon Linux 2023 |
Product: |
glibc |
nss_db |
nscd |
nss_hesiod |
libnsl |
compat-libpthread-nonshared |
sysroot-x86_64-fc34-glibc |
sysroot-i386-fc34-glibc |
sysroot-aarch64-fc34-glibc |