libtirpc Project libtirpc 0.2.6 Release Candidate 1

CPE Details

libtirpc Project libtirpc 0.2.6 Release Candidate 1
libtirpc_project
libtirpc
0.2.6
2019-09-16
15h15 +00:00
2019-09-16
15h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libtirpc_project:libtirpc:0.2.6:rc1:*:*:*:*:*:*

Informations

Vendor

libtirpc_project

Product

libtirpc

Version

0.2.6

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46828 2022-07-19 22h00 +00:00 In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
7.5
High
CVE-2018-14621 2018-08-30 11h00 +00:00 An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
7.5
High
CVE-2018-14622 2018-08-30 11h00 +00:00 A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
7.5
High
CVE-2017-8779 2017-05-04 12h00 +00:00 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
7.5
High