Main Vulnerability Database Vulnerabilities #VU14698

#VU14698 Infinite loop in libtirpc - CVE-2018-14621

Published: September 6, 2018 / Updated: September 7, 2018

Vulnerability identifier: #VU14698

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-14621

CWE-ID: CWE-835

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
libtirpc

Software vendor:
linux-nfs.org

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of port settings. A remote attacker can configure the role of the targeted port to poll, rather than select, trigger infinite loop and cause the service to crash.

Remediation

Update to version 1.0.2-rc2.

External links

http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=ddcd00ed2055a4e79f5d2579d63d5ea294eda6cc

#VU14698 Infinite loop in libtirpc - CVE-2018-14621

Description

Remediation

External links

Please verify you're human