CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	libtirpc	< libtirpc 0.2.5-1.3 (bookworm)	libtirpc 0.2.5-1.3 (bookworm)
libtirpc_project	libtirpc	< 0.3.3	0.3.3
libtirpc_project	libtirpc	>= 0 < 0.2.5-1.3	0.2.5-1.3
libtirpc_project	libtirpc	>= 0 < 0.2.5-1.3	0.2.5-1.3
libtirpc_project	libtirpc	>= 0 < 0.2.5-1.3	0.2.5-1.3
libtirpc_project	libtirpc	>= 0 < 0.2.5-1.3	0.2.5-1.3
libtirpc_project	libtirpc	>= 0 < 0.2.2-5ubuntu2.1	0.2.2-5ubuntu2.1
libtirpc_project	libtirpc	>= 0 < 0.2.5-1ubuntu0.1	0.2.5-1ubuntu0.1
libtirpc_project	libtirpc	>= 0 < 0.2.5-1.2ubuntu0.1	0.2.5-1.2ubuntu0.1
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH