{"id":"AZL-7533","summary":"CVE-2022-23219 affecting package glibc for versions less than 2.35-1","details":"The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.","modified":"2026-04-01T05:22:50.750510Z","published":"2022-01-14T07:15:08Z","upstream":["CVE-2022-23219"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23219"}],"affected":[{"package":{"name":"glibc","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/glibc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.35-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7533.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}