CVE-2017-8779
Description
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
82.537
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2017:1262) Important: rpcbind security update rpcbind-0.2.0-38.el7_3.x86_64.rpm | Linux |
| (RHSA-2017:1263) Important: libtirpc security update libtirpc-0.2.4-0.8.el7_3.i686.rpm | Linux |
| (RHSA-2017:1263) Important: libtirpc security update libtirpc-0.2.4-0.8.el7_3.x86_64.rpm | Linux |
| (RHSA-2017:1263) Important: libtirpc security update libtirpc-devel-0.2.4-0.8.el7_3.i686.rpm | Linux |
| (RHSA-2017:1263) Important: libtirpc security update libtirpc-devel-0.2.4-0.8.el7_3.x86_64.rpm | Linux |
| (RHSA-2017:1267) Important: rpcbind security update rpcbind-0.2.0-13.el6_9.i686.rpm | Linux |
| (RHSA-2017:1267) Important: rpcbind security update rpcbind-0.2.0-13.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:1268) Important: libtirpc security update libtirpc-0.2.1-13.el6_9.i686.rpm | Linux |
| (RHSA-2017:1268) Important: libtirpc security update libtirpc-0.2.1-13.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:1268) Important: libtirpc security update libtirpc-devel-0.2.1-13.el6_9.i686.rpm | Linux |
| (RHSA-2017:1268) Important: libtirpc security update libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm | Linux |
| SUSE-SU-2017:1306-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtirpc-debugsource-0.2.3-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1306-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtirpc1-0.2.3-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1306-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtirpc1-32bit-0.2.3-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1306-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtirpc1-debuginfo-0.2.3-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1306-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtirpc1-debuginfo-32bit-0.2.3-13.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc-debugsource-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc-netconfig-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc3-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc3-32bit-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc3-debuginfo-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1314-1(SUSE Linux Enterprise Desktop 12-SP2 ) libtirpc3-debuginfo-32bit-1.0.1-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1328-1(SUSE Linux Enterprise Desktop 12-SP2 ) rpcbind-0.2.3-23.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1328-1(SUSE Linux Enterprise Desktop 12-SP2 ) rpcbind-debuginfo-0.2.3-23.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1328-1(SUSE Linux Enterprise Desktop 12-SP2 ) rpcbind-debugsource-0.2.3-23.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1336-1(SUSE Linux Enterprise Desktop 12-SP1 ) rpcbind-0.2.1_rc4-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1336-1(SUSE Linux Enterprise Desktop 12-SP1 ) rpcbind-debuginfo-0.2.1_rc4-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1336-1(SUSE Linux Enterprise Desktop 12-SP1 ) rpcbind-debugsource-0.2.1_rc4-17.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1468-1(SUSE Linux Enterprise Server 11-SP4 ) rpcbind-0.1.6+git20080930-6.27.2.x86_64.rpm | Linux |
| Libtirpc update (ELSA-2017-1268) libtirpc-0.2.1-13.el6_9.x86_64.rpm | Linux |
| Libtirpc-devel update (ELSA-2017-1268) libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm | Linux |
| Libtirpc update (ELSA-2017-1268) libtirpc-0.2.1-13.el6_9.i686.rpm | Linux |
| Libtirpc-devel update (ELSA-2017-1268) libtirpc-devel-0.2.1-13.el6_9.i686.rpm | Linux |
| converts RPC program numbers into universal addresses (USN-4986-1) rpcbind_0.2.3-0.6ubuntu0.18.04.2_i386.deb | Linux |
| converts RPC program numbers into universal addresses (USN-4986-1) rpcbind_0.2.3-0.6ubuntu0.18.04.2_amd64.deb | Linux |
| (RHSA-2017:1262)Important: security update rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm | Linux |
| (RHSA-2017:1263)Important: security update libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm | Linux |
| (RHSA-2017:1263)Important: security update libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm | Linux |
| converts RPC program numbers into universal addresses (USN-4986-1) rpcbind_0.2.3-0.6ubuntu0.18.04.2_i386.deb | Linux |
| converts RPC program numbers into universal addresses (USN-4986-1) rpcbind_0.2.3-0.6ubuntu0.18.04.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234