CVE-2017-8779 rpcbind: memory leak when failing to parse XDR strings/arrays

CVE ID

CVE-2017-8779

DESCRIPTION

It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory
leak can occur when parsing specially crafted XDR messages. An attacker
sending thousands of messages to rpcbind could cause its memory usage to grow
without bound, eventually causing it to be terminated by the OOM killer.

CVSS3 Base Score    7.5

RESOLUTION

Fixed in latest Unitrends security update with
   libtirpc-0.2.1-13.el6_9, rpcbind-0.2.0-13.el6_9

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us