CVE-2013-1950

rpcbind - CALLIT procedure UDP Crash (PoC)

  • Severity Score: 7.5 (CVSS v3)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.

The svc_dg_getargs function in libtirpc v0.2.3 and earlier allows a denial of service (rpcbind crash) via an RPC request with crafted arguments that trigger a free of an invalid pointer.

These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash.

*Credits: N/A
CVSS Scores

CVSS v3 metrics
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS v2 metrics
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-02-19 CVE Reserved
  • 2013-05-31 CVE Published
  • 2013-07-16 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor            Product   Version   Other  Status
Libtirpc Project  Libtirpc  <= 0.2.3  -      Affected
Libtirpc Project  Libtirpc  0.1.8     -      Affected
Libtirpc Project  Libtirpc  0.1.9     -      Affected
Libtirpc Project  Libtirpc  0.1.10    -      Affected
Libtirpc Project  Libtirpc  0.1.11    -      Affected
Libtirpc Project  Libtirpc  0.2.0     -      Affected
Libtirpc Project  Libtirpc  0.2.1     -      Affected
Libtirpc Project  Libtirpc  0.2.2     -      Affected