CVE-2021-46828 — Improper Handling of Exceptional Conditions in Project Libtirpc

CWE-755 — Improper Handling of Exceptional Conditions CWE-835 — Infinite Loop CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling8 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 21.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtirpc Project Libtirpc Debian Linux

Timeline

PublishedJul 20

Latest updateJul 28

Description

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtirpc_project/libtirpc< 1.3.3

▶Debianlibtirpc_project/libtirpc< 1.3.1-1+deb11u1+3

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

GHSA

GHSA-x62c-6mxr-74fh: In libtirpc before 1↗2022-07-21

▶

CVEList

CVE-2021-46828: In libtirpc before 1↗2022-07-20

▶

OSV

CVE-2021-46828: In libtirpc before 1↗2022-07-20

▶

📋Vendor Advisories

Ubuntu

libtirpc vulnerability↗2022-07-28

▶

Red Hat

libtirpc: DoS vulnerability with lots of connections↗2022-07-20

▶

Microsoft

In libtirpc before 1.3.3rc1 remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can in turn lead to an svc_run infinit↗2022-07-12

▶

Debian

CVE-2021-46828: libtirpc - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors...↗2021

▶