libntirpc: Memory leak when failing to parse XDR strings or bytearrays

🗓️ 19 Jun 2017 13:24:11Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Memory leak in libntirpc during XDR string or bytearray parsing in rpcbind, risking out of memory.

Reporter	Title	Published	Views	Family All 201
IBM Security Bulletins	Security Bulletin: A vulnerability in rpcbind affects PowerKVM	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Open Source packages vulnerabilities	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in libtirpc affects PowerKVM	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libtirpc affects Power Hardware Management Console (CVE-2017-8779)	23 Sep 202101:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	25 Feb 201920:40	–	ibm
0day.today	RPCBind / libtirpc - Denial of Service Exploit	9 May 201700:00	–	zdt
Amazon	Important: libtirpc	6 Jun 201700:00	–	amazon
Amazon	Important: rpcbind	6 Jun 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : libtirpc (ALAS-2017-840)	7 Jun 201700:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	calamari-server	0:1.5.6-2.el7cp	calamari-server-0:1.5.6-2.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-base	1:10.2.7-27.el7cp	ceph-base-1:10.2.7-27.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-common	1:10.2.7-27.el7cp	ceph-common-1:10.2.7-27.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-fuse	1:10.2.7-27.el7cp	ceph-fuse-1:10.2.7-27.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	any	ceph-iscsi-cli	0:2.0-5.el7cp.noarch	ceph-iscsi-cli-0:2.0-5.el7cp.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	ceph-iscsi-config	0:2.0-4.el7cp.noarch	ceph-iscsi-config-0:2.0-4.el7cp.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	ceph-iscsi-tools	0:2.0-3.el7cp.noarch	ceph-iscsi-tools-0:2.0-3.el7cp.noarch.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-mds	1:10.2.7-27.el7cp	ceph-mds-1:10.2.7-27.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-mon	1:10.2.7-27.el7cp	ceph-mon-1:10.2.7-27.el7cp.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ceph-osd	1:10.2.7-27.el7cp	ceph-osd-1:10.2.7-27.el7cp.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-8779
access	www.access.redhat.com/solutions/3025811/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-8779
cve	www.cve.org/CVERecord

13 May 2026 01:08Current

7High risk

Vulners AI Score7

CVSS 37.5

CVSS 27.8

EPSS0.81921

libntirpc rpcbind memory leak external data representation parsing bytearrays out of memory