CVE-2015-7236 — Use After Free in Project Rpcbind

CWE-416 — Use After Free10 documents9 sources

Severity

7.5HIGHNVD

EPSS

4.3%

top 11.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rpcbind Project Rpcbind Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedOct 1

Latest updateMay 13

Description

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianrpcbind_project/rpcbind< 0.2.1-6.1+3

▶NVDrpcbind_project/rpcbind0.2.1

▶NVDoracle/solaris10, 11.3+1

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-89q3-j7mw-8c8j: Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com↗2022-05-13

▶

OSV

CVE-2015-7236: Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com↗2015-10-01

▶

CVEList

CVE-2015-7236: Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com↗2015-10-01

▶

📋Vendor Advisories

Ubuntu

rpcbind vulnerability↗2015-09-30

▶

BSD

FreeBSD-SA-15:24.rpcbind: rpcbind(8) remote denial of service [REVISED]↗2015-09-29

▶

Red Hat

rpcbind: Use-after-free vulnerability in PMAP_CALLIT↗2015-08-06

▶

Debian

CVE-2015-7236: rpcbind - Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2...↗2015

▶

💬Community

Bugzilla

CVE-2015-7236 rpcbind: Use-after-free vulnerability in PMAP_CALLIT↗2015-09-18

▶

Bugzilla

CVE-2015-7236 rpcbind: Use-after-free vulnerability in PMAP_CALLIT [fedora-all]↗2015-09-18

▶