Denial of service in libtirpc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-14622 CVE-2018-14621 |
| CWE-ID | CWE-476 CWE-119 CWE-835 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
libtirpc Universal components / Libraries / Libraries used by multiple products |
| Vendor | linux-nfs.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU14577
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14622
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to boundary error when checking the return value of the makefd_xprt() function, as defined in the svc_vc.csource code. A remote attacker can flood a targeted system with new connections, exhaust the maximum number of available file descriptors, trigger NULL pointer dereference and cause the affected software to terminate abnormally.
MitigationInstall update from vendor's website.
Vulnerable software versionslibtirpc: 0.3.0 - 1.0.3
External linkshttp://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU14698
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-14621
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of port settings. A remote attacker can configure the role of the targeted port to poll, rather than select, trigger infinite loop and cause the service to crash.
MitigationUpdate to version 1.0.2-rc2.
Vulnerable software versionslibtirpc: 0.3.0 - 1.0.2
External linkshttp://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=ddcd00ed2055a4e79f5d2579d63d5ea294eda6cc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
