High severity7.5NVD Advisory· Published May 7, 2017· Updated May 13, 2026

CVE-2017-8804

Description

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references

Affected products

GNU/Glibc
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.suse.com/show_bug.cginvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2017/05/05/2nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/98339nvdBroken Link
lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.htmlnvd
lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.htmlnvd
lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.htmlnvd
seclists.org/oss-sec/2017/q2/228nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000