Libtirpc

libtirpc

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46828 2Debian Libtirpc Project 2Debian Linux Libtirpc May 5, 2025 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without ac...Show more In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.Show less
CVE-2018-14622 4Canonical DebianLibtirpc Project+1 more 8Debian Linux Enterprise LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Aug 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maxim...Show more A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.Show less
CVE-2018-14621 1Libtirpc Project 1Libtirpc Nov 21, 2024 Aug 30, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a...Show more An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.Show less
CVE-2017-8779 3Libtirpc Project Ntirpc ProjectRpcbind Project 3Libtirpc NtirpcRpcbind May 13, 2026 May 4, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to...Show more rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.Show less
CVE-2013-1950 1Libtirpc Project 1Libtirpc Apr 29, 2026 Jul 9, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.