CVE-2018-14622

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
libtirpc_projectlibtirpc
𝑥
< 0.3.3
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
debiandebian_linux
8.0
redhatenterprise_linux
7.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libtirpc
bullseye (security)
1.3.1-1+deb11u1
fixed
bullseye
1.3.1-1+deb11u1
fixed
bookworm
1.3.3+ds-1
fixed
sid
1.3.4+ds-1.3
fixed
trixie
1.3.4+ds-1.3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libtirpc
bionic
Fixed 0.2.5-1.2ubuntu0.1
released
xenial
Fixed 0.2.5-1ubuntu0.1
released
trusty
Fixed 0.2.2-5ubuntu2.1
released
Common Weakness Enumeration
References
http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0
https://access.redhat.com/errata/RHBA-2017:1991
https://bugzilla.novell.com/show_bug.cgi?id=968175
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622
https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html
https://usn.ubuntu.com/3759-1/
https://usn.ubuntu.com/3759-2/
http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0
https://access.redhat.com/errata/RHBA-2017:1991
https://bugzilla.novell.com/show_bug.cgi?id=968175
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622
https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html
https://usn.ubuntu.com/3759-1/
https://usn.ubuntu.com/3759-2/