Report

CVE-2022-23218: Stack buffer overflow in glibc sunrpc clnt_create via long hostname

79e07e4c-aca5-46e0-9f76-82280b3b60c6

CVE-2022-23218: In glibc ≤ 2.34, the clnt_create() function in sunrpc/clnt_gen.c contains a stack-based buffer overflow. When proto is "unix", the function allocates struct sockaddr_un sun on the stack and calls strcpy(sun.sun_path, hostname) with no bounds check. The sun_path field is only 108 bytes (UNIX_PATH_MAX on Linux). A hostname longer than 107 characters overflows the stack frame, corrupting saved registers and the return address, enabling code execution.
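The missing bounds check described above, shown as an added example rather than glibc's own code or its actual patch. The helper names fill_unix_addr and check_path_of_length are hypothetical, and the test input is constructed:

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not glibc code): fill a sockaddr_un from a
 * caller-supplied path, rejecting anything that does not fit in sun_path
 * together with its terminating NUL. Returns 0, or -1 with errno set. */
int fill_unix_addr(struct sockaddr_un *sun, const char *path)
{
    size_t len;

    if (sun == NULL || path == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(path);
    /* The unchecked form described above is strcpy(sun.sun_path, hostname).
     * Here the length is compared against the real field size first. */
    if (len >= sizeof(sun->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(sun, 0, sizeof(*sun));
    sun->sun_family = AF_UNIX;
    memcpy(sun->sun_path, path, len + 1);   /* len + 1 copies the NUL */
    return 0;
}

/* Constructed sample input: a path made of n 'a' characters. */
int check_path_of_length(size_t n)
{
    char buf[256];
    struct sockaddr_un sun;

    if (n >= sizeof(buf))
        return -1;
    memset(buf, 'a', n);
    buf[n] = '\0';
    return fill_unix_addr(&sun, buf);
}

int main(void)
{
    size_t cap = sizeof(((struct sockaddr_un *)0)->sun_path); /* 108 on Linux */

    /* cap - 1 characters fit with the NUL; cap characters are refused. */
    return (check_path_of_length(cap - 1) == 0 &&
            check_path_of_length(cap) == -1) ? 0 : 1;
}
```

Comparing against sizeof(sun->sun_path) instead of a hard-coded 108 keeps the check correct on platforms where the field has a different size.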
