CVE-2018-14622: Unchecked Return Value in Project Libtirpc

Severity
7.5 HIGH (NVD)
OSV: 5.9
EPSS: 2.3% (top 15.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 30
Latest update: May 13

Description

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 5 packages

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.0, 7.4, 7.5, 7.6

Vulnerability Details (4)

GHSA (2022-05-13): GHSA-359h-vjp2-hp47: A null-pointer dereference vulnerability was found in libtirpc before version 0
OSV (2018-09-05): libtirpc vulnerabilities
OSV (2018-08-30): CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0
CVEList (2018-08-30): CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0

Vendor Advisories (4)

Ubuntu (2018-09-05): libtirpc vulnerabilities
Ubuntu (2018-09-05): libtirpc vulnerabilities
Debian (2018): CVE-2018-14622: libtirpc - A null-pointer dereference vulnerability was found in libtirpc before version 0....
Red Hat (2016-03-03): libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c

Community (2)

Bugzilla (2018-08-22): CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
Bugzilla (2018-08-22): CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c [fedora-all]