CVE-2018-14621

Published: Aug 30, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.

Affected (2)

Products: Libtirpc Project: Libtirpc

Libtirpc Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Libtirpc Project Libtirpc	Up to 1.0.1
Libtirpc Project Libtirpc	Version 1.0.2 rc1

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b

Source: secalert@redhat.com

https://bugzilla.novell.com/show_bug.cgi?id=968175

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.novell.com/show_bug.cgi?id=968175

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.