#VU14577 Memory corruption in libtirpc - CVE-2018-14622

 


Published: August 30, 2018 / Updated: August 31, 2018


Vulnerability identifier: #VU14577
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-14622
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
libtirpc
Software vendor:
linux-nfs.org

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error when checking the return value of the makefd_xprt() function, as defined in the svc_vc.c source code. A remote attacker can flood a targeted system with new connections, exhaust the maximum number of available file descriptors, trigger a NULL pointer dereference and cause the affected software to terminate abnormally.
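The failure mode described above, shown as an added example that is not libtirpc's code: a constructor that can return NULL under descriptor exhaustion, used once without a check and once with one. The names make_xprt, accept_unchecked, accept_checked, struct xprt and MAX_TRACKED_FD are hypothetical stand-ins, and the descriptor limit is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_TRACKED_FD 8   /* constructed limit standing in for the fd table size */

/* Hypothetical transport handle; not libtirpc's SVCXPRT. */
struct xprt { int fd; size_t peer_len; };

/* Hypothetical constructor: NULL when the fd cannot be tracked or memory is short. */
struct xprt *make_xprt(int fd)
{
    if (fd < 0 || fd >= MAX_TRACKED_FD)
        return NULL;
    struct xprt *x = calloc(1, sizeof(*x));
    if (x != NULL)
        x->fd = fd;
    return x;
}

/* Unchecked pattern, shown for contrast and never called here. */
int accept_unchecked(int fd, size_t peer_len)
{
    struct xprt *x = make_xprt(fd);
    x->peer_len = peer_len;          /* NULL dereference when make_xprt fails */
    free(x);
    return 0;
}

/* Checked pattern: a NULL result drops this one connection; the service keeps running. */
int accept_checked(int fd, size_t peer_len, int *dropped)
{
    struct xprt *x = make_xprt(fd);
    if (x == NULL) {
        close(fd);                   /* release the descriptor we cannot service */
        (*dropped)++;
        return -1;
    }
    x->peer_len = peer_len;
    free(x);
    return 0;
}

int main(void)
{
    int dropped = 0;
    int rc = accept_checked(1000, 16, &dropped);   /* constructed out-of-range fd */
    printf("rc=%d dropped=%d\n", rc, dropped);
    return 0;
}
```

Counting dropped connections, as accept_checked does, gives operators a signal that a connection flood is pushing the service against its descriptor limit.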


Remediation

Install update from vendor's website.
