ALT-PU-2017-2204-1

Package update rpcbind in branch c7

Version0.2.1-alt0.6.M70C.2

Published2017-09-14

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость сервера динамического назначения RPC-портов RPCbind, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-12-07Modified: 2023-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

HIGH7.5

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Published: 2017-05-04Modified: 2025-04-20

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References