ALT-PU-2023-6364-1
Package libtirpc updated to version 1.3.4-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-07-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed
- http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed
- [debian-lts-announce] 20220812 [SECURITY] [DLA 3071-1] libtirpc security update
- [debian-lts-announce] 20220812 [SECURITY] [DLA 3071-1] libtirpc security update
- GLSA-202210-33
- GLSA-202210-33
- https://security.netapp.com/advisory/ntap-20221007-0004/
- https://security.netapp.com/advisory/ntap-20221007-0004/
- DSA-5200
- DSA-5200