7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.551 Medium
EPSS
Percentile
97.6%
Issue Overview:
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory
leak can occur when parsing specially crafted XDR messages. An attacker sending
thousands of messages to rpcbind could cause its memory usage to grow without
bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)
Affected Packages:
rpcbind
Issue Correction:
Run yum update rpcbind to update your system.
New Packages:
i686:
rpcbind-debuginfo-0.2.0-13.9.amzn1.i686
rpcbind-0.2.0-13.9.amzn1.i686
src:
rpcbind-0.2.0-13.9.amzn1.src
x86_64:
rpcbind-debuginfo-0.2.0-13.9.amzn1.x86_64
rpcbind-0.2.0-13.9.amzn1.x86_64
Red Hat: CVE-2017-8779
Mitre: CVE-2017-8779
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | rpcbind-debuginfo | < 0.2.0-13.9.amzn1 | rpcbind-debuginfo-0.2.0-13.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpcbind | < 0.2.0-13.9.amzn1 | rpcbind-0.2.0-13.9.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | rpcbind-debuginfo | < 0.2.0-13.9.amzn1 | rpcbind-debuginfo-0.2.0-13.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | rpcbind | < 0.2.0-13.9.amzn1 | rpcbind-0.2.0-13.9.amzn1.x86_64.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.551 Medium
EPSS
Percentile
97.6%