QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14622

Published: Aug 30, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.3

MEDIUM

Description

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

Vendor	Product	Versions
[UNKNOWN]	libtirpc	affected `0.3.3-rc3`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180831 [SECURITY] [DLA 1487-1] libtirpc security update

mailing-list

x_refsource_MLIST

https://bugzilla.novell.com/show_bug.cgi?id=968175

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622

x_refsource_CONFIRM

http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.