ALAS2023-2023-060 --- glibc| ID: oval:org.secpod.oval:def:19500147 | Date: (C)2023-06-12 (M)2023-06-12 |
| Class: PATCH | Family: unix |
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or lead to arbitrary code execution
| Platform: |
| Amazon Linux 2023 |
| Product: |
| glibc |
| nss_db |
| nscd |
| nss_hesiod |
| libnsl |
| compat-libpthread-nonshared |
| sysroot-x86_64-fc34-glibc |
| sysroot-i386-fc34-glibc |
| sysroot-aarch64-fc34-glibc |
