← Back

Libtirpc Project

libtirpc_project

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Libtirpc
libtirpc
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-46828
2Debian
Libtirpc Project
2Debian Linux
Libtirpc
May 5, 2025
Jul 20, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without ac...Show more
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.Show less
CVE-2018-14622
4Canonical
DebianLibtirpc Project+1 more
8Debian Linux
Enterprise LinuxEnterprise Linux Desktop+5 more
Nov 21, 2024
Aug 30, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maxim...Show more
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.Show less
CVE-2018-14621
1Libtirpc Project
1Libtirpc
Nov 21, 2024
Aug 30, 2018
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a...Show more
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.Show less
CVE-2017-8779
3Libtirpc Project
Ntirpc ProjectRpcbind Project
3Libtirpc
NtirpcRpcbind
May 13, 2026
May 4, 2017
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to...Show more
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.Show less
CVE-2013-1950
1Libtirpc Project
1Libtirpc
Apr 29, 2026
Jul 9, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.