CVE-2015-7236
Description
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
7.676
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| converts RPC program numbers into universal addresses (USN-2756-1) rpcbind_0.2.1-2ubuntu2.2_i386.deb | Linux |
| converts RPC program numbers into universal addresses (USN-2756-1) rpcbind_0.2.1-2ubuntu2.2_amd64.deb | Linux |
| converts RPC program numbers into universal addresses (USN-2756-1) rpcbind_0.2.1-6ubuntu3.1_i386.deb | Linux |
| converts RPC program numbers into universal addresses (USN-2756-1) rpcbind_0.2.1-6ubuntu3.1_amd64.deb | Linux |
| rpcbind security update(DSA-3366-1) rpcbind_0.2.0-8+deb7u1_i386.deb | Linux |
| rpcbind security update(DSA-3366-1) rpcbind_0.2.0-8+deb7u1_amd64.deb | Linux |
| SUSE-SU-2015:1705-1(SUSE Linux Enterprise Server 12 ) rpcbind-0.2.1_rc4-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1705-1(SUSE Linux Enterprise Server 12 ) rpcbind-debuginfo-0.2.1_rc4-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1705-1(SUSE Linux Enterprise Server 12 ) rpcbind-debugsource-0.2.1_rc4-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1706-1(SUSE Linux Enterprise Desktop 11-SP3 ) rpcbind-0.1.6+git20080930-6.24.1.x86_64.rpm | Linux |
| CVE-2015-7236 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234