CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46828 – libtirpc: DoS vulnerability with lots of connections
https://notcve.org/view.php?id=CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. En libtirpc versiones anteriores a 1.3.3rc1, los atacantes remotos podían agotar los descriptores de archivo de un proceso que usa libtirpc porque las conexiones TCP inactivas son manejadas inapropiadamente. Esto puede, a su vez, conllevar a un bucle infinito svc_run sin aceptar nuevas conexiones A denial of service (DoS) vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html https://security.gentoo.org/glsa/202210-33 https://security.netapp.com/advisory/ntap-20221007-0004 https://www.debian.org/security/2022/dsa-5200 https://access.redhat.com/security/cve/CVE-2021-46828 https://bugzilla.redhat.com/show_bug.cgi?id=2109352 • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14621
https://notcve.org/view.php?id=CVE-2018-14621
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. Se ha encontrado una vulnerabilidad de bucle infinito en libtirpc en versiones anteriores a la 1.0.2-rc2. Con el puerto para utilizar poll en lugar de select, el agotamiento de los descriptores de archivo podrían provocar que el servidor entre en un bucle infinito, consumiendo una gran cantidad de tiempo de CPU y denegando el servicio a otros clientes hasta que se reinicie. • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b https://bugzilla.novell.com/show_bug.cgi?id=968175 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2018-14622
https://notcve.org/view.php?id=CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en libtirpc en versiones anteriores a la 0.3.3-rc3. El valor de retorno de makefd_xprt() no se comprobó en todas las instancias, lo que podría conducir a un cierre inesperado cuando el servidor agotó el número máximo de descriptores de archivo disponibles. • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0 https://access.redhat.com/errata/RHBA-2017:1991 https://bugzilla.novell.com/show_bug.cgi?id=968175 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622 https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html https://usn.ubuntu.com/3759-1 https://usn.ubuntu.com/3759-2 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 54%CPEs: 3EXPL: 1CVE-2017-8779 – RPCBind / libtirpc - Denial of Service
https://notcve.org/view.php?id=CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. Rpcbind versión 0.2.4, LIBTIRPC versión 1.0.1 y versiones 1.0.2-rc a 1.0.2-rc3, y NTIRPC versión 1.4.3, no consideran el tamaño máximo de datos RPC durante la asignación de memoria para cadenas XDR, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria sin liberación) a través de un paquete UDP manipulado enviado al puerto 111, también conocido como rpcbomb. It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. • https://www.exploit-db.com/exploits/41974 http://openwall.com/lists/oss-security/2017/05/03/12 http://openwall.com/lists/oss-security/2017/05/04/1 http://www.debian.org/security/2017/dsa-3845 http://www.securityfocus.com/bid/98325 http://www.securitytracker.com/id/1038532 https://access.redhat.com/errata/RHBA-2017:1497 https://access.redhat.com/errata/RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017: • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 11%CPEs: 8EXPL: 1CVE-2013-1950 – rpcbind - CALLIT procedure UDP Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1950
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. La función svc_dg_getargs en libtirpc v0.2.3 y anteriores permiten provocar una denegación de servicio (caída de rpcbind) a través de una petición RPC con argumentos manipulados que provocan una liberación de un puntero inválido. • https://www.exploit-db.com/exploits/26887 http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f http://rhn.redhat.com/errata/RHSA-2013-0884.html https://bugzilla.redhat.com/show_bug.cgi?id=948378 https://access.redhat.com/security/cve/CVE-2013-1950 • CWE-399: Resource Management Errors •