5 matches found
CVE-2017-8779
CVE-2017-8779 affects rpcbind and its TI-RPC/libtirpc stack. The issue is an unbounded memory leak while parsing XDR strings, causing memory exhaustion and potential denial of service via crafted UDP traffic to port 111 (rpcbomb). Public advisories and vendor notes confirm the root cause in libti...
CVE-2021-46828
CVE-2021-46828 is a DoS in the libtirpc RPC library in which idle TCP connections are mishandled. This can exhaust a process’s file descriptors and cause an svc_run loop that stops accepting new connections. The vulnerability is tied to libtirpc versions before 1.3.3rc1. A fix is availab...
CVE-2018-14622
libtirpc has a null-pointer dereference vulnerability (CVE-2018-14622) prior to version 0.3.3-rc3. The code path around makefd_xprt() does not always check return values, which can lead to a crash when the server hits the maximum number of file descriptors. A remote attacker could trigger a denia...
CVE-2018-14621
CVE-2018-14621: Infinite loop DoS in libtirpc prior to 1.0.2-rc2 due to an EMFILE handling issue when switching from select to poll. Exploitation could exhaust fds and cause server CPU exhaustion and denial of service; impact is availability. Affected component is the libtirpc library used by se...
CVE-2013-1950
CVE-2013-1950 affects libtirpc up to version 0.2.3, where a crafted Sun RPC request can trigger a free of an invalid pointer, causing DoS (rpcbind crash). Public notes in connected advisories (RHEL, Oracle Linux, Amazon Linux, MiracleLinux, F5 SOL/K19157x) confirm the vulnerability and list a fix...