Cyber Resilience

CVE-2022-23219

Severity: Critical (public PoC referenced)
Published: 14 January 2022
Modified: 05 May 2025
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0057 (69.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-23219 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Oracle Enterprise Operations Monitor. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 30.8% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.


Vulnerability details

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                                                               Versions
gnu      glibc                                                                 ≤ 2.31
oracle   communications cloud native core binding support function             22.1.3
oracle   communications cloud native core network function cloud native environment   22.1.0
oracle   communications cloud native core network repository function          22.1.2, 22.2.0
oracle   communications cloud native core security edge protection proxy       22.1.1
oracle   communications cloud native core unified data repository              22.2.0
oracle   enterprise operations monitor                                         4.3, 4.4, 5.0
debian   debian linux                                                          10.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies, which are the root cause of classic buffer overflows.
