CVE-2018-14621
published 2018-08-30CVE-2018-14621: An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors…
PriorityP338high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
2.26%
80.8th percentile
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtirpc | — | — |
| libtirpc_project | libtirpc | <= 1.0.1 | — |
| libtirpc_project | libtirpc | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_debian5.3LOW
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2018-14621: libtirpc - An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. W...
vendor_debian·2018·CVSS 5.3
CVE-2018-14621 [MEDIUM] CVE-2018-14621: libtirpc - An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. W...
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
libtirpc: Infinite loop in EMFILE case in svc_vc.c
vendor_redhat·2016-03-03·CVSS 5.3
CVE-2018-14621 [MEDIUM] CWE-835 libtirpc: Infinite loop in EMFILE case in svc_vc.c
libtirpc: Infinite loop in EMFILE case in svc_vc.c
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
An infinite loop vulnerability was found in libtirpc. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Package: libntirpc (Red Hat Ceph Storage 2) - Not affected
Package: libntirpc (Red Hat Ceph Storage 3) - Not affected
Package: libtirpc (Red Hat Enterprise Linux 6) - Not
GHSA
GHSA-362j-4wp6-47gj: An infinite loop vulnerability was found in libtirpc before version 1
ghsa_unreviewed·2022-05-13
CVE-2018-14621 [HIGH] CWE-835 GHSA-362j-4wp6-47gj: An infinite loop vulnerability was found in libtirpc before version 1
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
bugzilla·2018-08-22·CVSS 7.5
CVE-2018-14622 [HIGH] CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
A flaw was found in libtirpc. The return value of makefd_xprt was used without checking for NULL in svc_vc.c, leading to a null pointer dereference / segfault if the maximum number of available file descriptors was exhausted.
References:
https://bugzilla.novell.com/show_bug.cgi?id=968175
Upstream Patch:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Discussion:
Created libtirpc tracking bugs for this issue:
Affects: fedora-all [bug 1620295]
---
This was fixed in RHEL 7 as part of bug 1410617.
---
Hi
I think there is need of clarification for CVE-2018-14622 (and CVE-2018-14621).
CVE-2018-14622 refers to http://git.linux-nfs.org/?p=steved/libti
Bugzilla
CVE-2018-14621 libtirpc: Infinite loop in EMFILE case in svc_vc.c
bugzilla·2018-08-22·CVSS 5.3
CVE-2018-14621 [MEDIUM] CVE-2018-14621 libtirpc: Infinite loop in EMFILE case in svc_vc.c
CVE-2018-14621 libtirpc: Infinite loop in EMFILE case in svc_vc.c
A flaw was found in libtirpc before version 1.0.2-rc2. With the port to poll, and endless loop can be created when running out of file descriptors.
References:
https://bugzilla.novell.com/show_bug.cgi?id=968175
Upstream Patch:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
Discussion:
This was introduced with the port to using poll() instead of select() around 0.3.3. Prior versions use a different strategy when EMFILE/ENFILE is hit: the "most idle" connection is dropped before retrying.
http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4bhttps://bugzilla.novell.com/show_bug.cgi?id=968175https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4bhttps://bugzilla.novell.com/show_bug.cgi?id=968175https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621
2018-08-30
Published