Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1950 — Project Libtirpc vulnerability

CWE-39910 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
8.8%
top 7.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Libtirpc Project Libtirpc
Timeline
PublishedJul 9
Latest updateMay 17

Description

The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDlibtirpc_project/libtirpc0.2.3+7

🔴Vulnerability Details

2
GHSA
GHSA-6g29-qg3g-jfjm: The svc_dg_getargs function in libtirpc 0↗2022-05-17
â–¶
CVEList
CVE-2013-1950: The svc_dg_getargs function in libtirpc 0↗2013-07-09
â–¶

💥Exploits & PoCs

1
Exploit-DB
rpcbind - CALLIT procedure UDP Crash (PoC)↗2013-07-16
â–¶

📋Vendor Advisories

2
Red Hat
libtirpc: invalid pointer free leads to rpcbind daemon crash↗2013-04-18
â–¶
Debian
CVE-2013-1950: libtirpc - The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attacker...↗2013
â–¶

💬Community

4
Bugzilla
rpcbind exploit made public for 0.2.0-19 - push 0.2.0-20 to fc 17 stable↗2013-07-17
â–¶
Bugzilla
CVE-2013-1950 libtirpc: invalid pointer free leads to crash [fedora-all]↗2013-04-22
â–¶
Bugzilla
CVE-2013-1950 libtirpc: invalid pointer free leads to crash [fedora-all]↗2013-04-22
â–¶
Bugzilla
CVE-2013-1950 libtirpc: invalid pointer free leads to rpcbind daemon crash↗2013-04-04
â–¶
CVE-2013-1950 — Libtirpc Project Libtirpc vulnerability | cvebase