CVE-2021-46828
published 2022-07-20

Priority: P3 (39), high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 2.09% (79.3th percentile)

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | libtirpc | < libtirpc 1.3.2-2.1 (bookworm) | libtirpc 1.3.2-2.1 (bookworm) |
| libtirpc_project | libtirpc | < 1.3.3 | 1.3.3 |
| libtirpc_project | libtirpc | >= 0 < 1.3.1-1+deb11u1 | 1.3.1-1+deb11u1 |
| libtirpc_project | libtirpc | >= 0 < 1.3.2-2.1 | 1.3.2-2.1 |
| libtirpc_project | libtirpc | >= 0 < 1.3.2-2.1 | 1.3.2-2.1 |
| libtirpc_project | libtirpc | >= 0 < 1.3.2-2.1 | 1.3.2-2.1 |
| msrc | cbl2_libtirpc_1.3.3-1_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cm1_libtirpc_1.1.4-5_on_cbl_mariner_1.0 | | |

CVSS provenance

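| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |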