GNU C Library
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*
- <= 2.43
A buffer overflow vulnerability has been identified in the GNU C Library (glibc) version 2.43 and earlier, in the obsolete nis_local_principal function. The function can overflow a static buffer in the data section: an attacker who sends a crafted response to the UDP request that nis_local_principal generates can overwrite adjacent static data in the affected application. NIS support has been deprecated in glibc since version 2.26, and applications are encouraged to transition to modern identity and access management services.
Successful exploitation overwrites neighboring static data in the application, which can cause undefined behavior or serve as a foothold for further exploitation.