rpm package
suse/libtirpc&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/libtirpc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14622 | Hig | 7.5 | < 0.2.1-1.13.6.1 | 0.2.1-1.13.6.1 | Aug 30, 2018 | A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker c | |
| CVE-2018-14621 | Med | 5.3 | < 0.2.1-1.13.6.1 | 0.2.1-1.13.6.1 | Aug 30, 2018 | An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other client | |
| CVE-2017-8779 | Hig | 7.5 | < 0.2.1-1.12.3 | 0.2.1-1.12.3 | May 4, 2017 | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subseq |
- affected < 0.2.1-1.13.6.1fixed 0.2.1-1.13.6.1
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker c
- affected < 0.2.1-1.13.6.1fixed 0.2.1-1.13.6.1
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other client
- affected < 0.2.1-1.12.3fixed 0.2.1-1.12.3
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subseq