CVE-2017-8804
Published: May 7, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7 | x_refsource_CONFIRM |
| https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html | x_refsource_CONFIRM |
| 98339 | vdb-entry, x_refsource_BID |
| https://sourceware.org/bugzilla/show_bug.cgi?id=21461 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/05/05/2 | x_refsource_CONFIRM |
| SUSE-SU-2018:0565 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2018:0494 | vendor-advisory, x_refsource_SUSE |
| SUSE-SU-2018:0451 | vendor-advisory, x_refsource_SUSE |
| https://seclists.org/oss-sec/2017/q2/228 | x_refsource_MISC |