A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libtirpc | Libtirpc_project | * | 0.3.3 (excluding) |
| Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
| Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
| Ubuntu_linux | Canonical | 18.04 (including) | 18.04 (including) |
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_aus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.5 (including) | 7.5 (including) |
| Enterprise_linux_server_eus | Redhat | 7.6 (including) | 7.6 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |
| Red Hat Enterprise Linux 7 | RedHat | libtirpc-0:0.2.4-0.10.el7 | * |
| Libtirpc | Ubuntu | bionic | * |
| Libtirpc | Ubuntu | devel | * |
| Libtirpc | Ubuntu | trusty | * |
| Libtirpc | Ubuntu | xenial | * |