Red Hat is vulnerable to denial of service. A stack-based buffer overflow was found in the deprecated compatibility function clnt_create() in the sunrpc module (clnt_gen.c) of the GNU C Library (aka glibc) through 2.34. The function copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
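The missing length check, shown as an added example (not glibc's code and not the vendor patch): a bounded copy that rejects an over-long name instead of writing past a fixed-size stack buffer. It assumes the destination is the sun_path field of a struct sockaddr_un, which the advisory text does not state; set_unix_addr and hostname_len_ok are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not a glibc API): fill a sockaddr_un from a
   caller-supplied name. Names that do not fit sun_path together with
   the terminating NUL are refused with errno = ENAMETOOLONG. */
static int set_unix_addr(struct sockaddr_un *addr, const char *hostname)
{
    if (addr == NULL || hostname == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Look for the NUL only within the space the destination offers. */
    const char *nul = memchr(hostname, '\0', sizeof(addr->sun_path));
    if (nul == NULL) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, hostname, (size_t)(nul - hostname) + 1);
    return 0;
}

/* Hypothetical caller-side guard for code that still passes untrusted
   names to clnt_create() on an unpatched glibc: 1 = fits, 0 = reject. */
static int hostname_len_ok(const char *hostname)
{
    struct sockaddr_un probe;
    return set_unix_addr(&probe, hostname) == 0;
}

int main(void)
{
    char longname[256];                 /* constructed over-long input */
    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    printf("short name ok: %d\n", hostname_len_ok("/run/rpc.sock"));
    printf("long name ok:  %d\n", hostname_len_ok(longname));
    return 0;
}
```

Applying the vendor updates listed below remains the fix; a guard like this only helps callers that cannot yet be moved off an affected glibc.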
access.redhat.com/errata/RHSA-2022:0896
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2042017
lists.debian.org/debian-lts-announce/2022/10/msg00021.html
security.gentoo.org/glsa/202208-24
sourceware.org/bugzilla/show_bug.cgi?id=22542
www.oracle.com/security-alerts/cpujul2022.html