PRIOn knowledge basePRION:CVE-2017-8804Deserialization of untrusted data
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.01 Low
EPSS
Percentile
83.3%
DISPUTED The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]
References
lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html
lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html
lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html
www.openwall.com/lists/oss-security/2017/05/05/2
www.securityfocus.com/bid/98339
bugzilla.suse.com/show_bug.cgi?id=1037559
seclists.org/oss-sec/2017/q2/228
sourceware.org/bugzilla/show_bug.cgi?id=21461
sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html
sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html
sourceware.org/ml/libc-alpha/2017-05/msg00105.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.01 Low
EPSS
Percentile
83.3%