ROSA LABROSA-SA-2021-1897Advisory ROSA-SA-2021-1897
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.036 Low
EPSS
Percentile
91.6%
Software: libtirpc 0.2.4
OS: Cobalt 7.9
CVE-ID: CVE-2018-14621
CVE-Crit: HIGH
CVE-DESC: An infinite loop vulnerability was discovered in libtirpc before version 1.0.2-rc2. If a port uses polling rather than selection, exhaustion of file descriptors will cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2018-14622
CVE-Crit: HIGH
CVE-DESC: A null pointer dereferencing vulnerability was discovered in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt () was not checked in all cases, which could cause a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause the rpc-based application to crash by flooding it with new connections.
CVE-STATUS: default
CVE-REV: default
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.036 Low
EPSS
Percentile
91.6%