diff options
| author | Florian Weimer <fweimer@redhat.com> | 2022-01-17 10:21:34 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2022-01-17 10:47:58 +0100 |
| commit | f545ad4928fa1f27a3075265182b38a4f939a5f7 (patch) | |
| tree | d601541a207382c53aa7dfd6ccc256805ec34294 /NEWS | |
| parent | ef972a4c50014a16132b5c75571cfb6b30bef136 (diff) | |
| download | glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.gz glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.tar.xz glibc-f545ad4928fa1f27a3075265182b38a4f939a5f7.zip | |
CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
The sunrpc function svcunix_create suffers from a stack-based buffer overflow with overlong pathname arguments. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 38a9ddb2cf..38802f0673 100644 --- a/NEWS +++ b/NEWS @@ -160,6 +160,9 @@ Security related changes: legacy function could result in a stack-based buffer overflow when using the "unix" protocol. Reported by Martin Sebor. + CVE-2022-23218: Passing an overlong file name to the svcunix_create + legacy function could result in a stack-based buffer overflow. + The following bugs are resolved with this release: [The release manager will add the list generated by |