7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.551 Medium
EPSS
Percentile
97.6%
Issue Overview:
Memory leak when failing to parse XDR strings or bytearrays
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
Affected Packages:
libtirpc
Issue Correction:
Run yum update libtirpc to update your system.
New Packages:
i686:
libtirpc-0.2.4-0.8.14.amzn1.i686
libtirpc-devel-0.2.4-0.8.14.amzn1.i686
libtirpc-debuginfo-0.2.4-0.8.14.amzn1.i686
src:
libtirpc-0.2.4-0.8.14.amzn1.src
x86_64:
libtirpc-debuginfo-0.2.4-0.8.14.amzn1.x86_64
libtirpc-devel-0.2.4-0.8.14.amzn1.x86_64
libtirpc-0.2.4-0.8.14.amzn1.x86_64
Red Hat: CVE-2017-8779
Mitre: CVE-2017-8779
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | libtirpc | < 0.2.4-0.8.14.amzn1 | libtirpc-0.2.4-0.8.14.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libtirpc-devel | < 0.2.4-0.8.14.amzn1 | libtirpc-devel-0.2.4-0.8.14.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libtirpc-debuginfo | < 0.2.4-0.8.14.amzn1 | libtirpc-debuginfo-0.2.4-0.8.14.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | libtirpc-debuginfo | < 0.2.4-0.8.14.amzn1 | libtirpc-debuginfo-0.2.4-0.8.14.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libtirpc-devel | < 0.2.4-0.8.14.amzn1 | libtirpc-devel-0.2.4-0.8.14.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libtirpc | < 0.2.4-0.8.14.amzn1 | libtirpc-0.2.4-0.8.14.amzn1.x86_64.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.551 Medium
EPSS
Percentile
97.6%