CVE-2018-14622
CVE-2018-14622
In short
A flaw in libtirpc allows a remote attacker to crash RPC-based applications by opening many connections until the server runs out of file descriptors. The application doesn't properly check if a connection setup fails, causing it to crash instead of handling the error gracefully.
Technical detail
A null-pointer dereference occurs in libtirpc's makefd_xprt() function when file descriptor limits are exhausted; the unchecked return value allows remote attackers to trigger application crashes via connection flooding (CWE-252: Unchecked Return Value). The vulnerability requires the ability to send network traffic to an RPC service and affects availability through denial of service.
Summary generated and translated by AI from the official description.
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
[UNKNOWN] · libtirpcWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0https://access.redhat.com/errata/RHBA-2017:1991https://bugzilla.novell.com/show_bug.cgi?id=968175https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622https://lists.debian.org/debian-lts-announce/2018/08/msg00034.htmlhttps://usn.ubuntu.com/3759-1/https://usn.ubuntu.com/3759-2/