CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)

The sunrpc function svcunix_create suffers from a stack-based buffer overflow with overlong pathname arguments. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
author: Florian Weimer <fweimer@redhat.com> 2022-01-17 10:21:34 +0100
committer: Florian Weimer <fweimer@redhat.com> 2022-01-17 10:47:58 +0100
commit: f545ad4928fa1f27a3075265182b38a4f939a5f7 (patch)
tree: d601541a207382c53aa7dfd6ccc256805ec34294 /NEWS
parent: ef972a4c50014a16132b5c75571cfb6b30bef136 (diff)
download: glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar
glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.gz
glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.bz2
glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 38a9ddb2cf..38802f0673 100644
--- a/NEWS
+++ b/NEWS
@@ -160,6 +160,9 @@ Security related changes:
   legacy function could result in a stack-based buffer overflow when
   using the "unix" protocol.  Reported by Martin Sebor.
 
+  CVE-2022-23218: Passing an overlong file name to the svcunix_create
+  legacy function could result in a stack-based buffer overflow.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>	2022-01-17 10:21:34 +0100
committer	Florian Weimer <fweimer@redhat.com>	2022-01-17 10:47:58 +0100
commit	f545ad4928fa1f27a3075265182b38a4f939a5f7 (patch)
tree	d601541a207382c53aa7dfd6ccc256805ec34294 /NEWS
parent	ef972a4c50014a16132b5c75571cfb6b30bef136 (diff)
download	glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.gz glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.bz2 glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.zip