Описание
Уязвимость функции makefd_xprt() библиотеки предоставления протокола RPC libtirpc связана с разыменованием нулевого указателя (возвращаемое значение makefd_xprt() проверяется не для всех возможных случаев). Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании приложения на основе rpc, заполнив его новыми подключениями, что может привести к сбою, когда сервер исчерпает максимальное количество доступных файловых дескрипторов
Вендор
Наименование ПО
Версия ПО
Тип ПО
Операционные системы и аппаратные платформы
Уровень опасности уязвимости
Возможные меры по устранению уязвимости
Статус уязвимости
Наличие эксплойта
Информация об устранении
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Связанные уязвимости
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
A null-pointer dereference vulnerability was found in libtirpc before ...
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2