Description
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 0.2.5-1.2 |
| bionic | not-affected | 0.2.5-1.2 |
| cosmic | not-affected | 0.2.5-1.2 |
| devel | not-affected | 0.2.5-1.2 |
| disco | not-affected | 0.2.5-1.2 |
| eoan | not-affected | 0.2.5-1.2 |
| esm-infra-legacy/trusty | released | 0.2.2-5ubuntu2.1 |
| esm-infra/bionic | not-affected | 0.2.5-1.2 |
| esm-infra/focal | not-affected | 0.2.5-1.2 |
| esm-infra/xenial | released | 0.2.5-1ubuntu0.1 |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.6.1-1 |
| cosmic | not-affected | 1.6.1-1 |
| devel | not-affected | 1.6.1-1 |
| disco | not-affected | 1.6.1-1 |
| eoan | not-affected | 1.6.1-1 |
| esm-apps/bionic | not-affected | 1.6.1-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 1.6.1-1 |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 0.2.3-0.6ubuntu0.18.04.2 |
| cosmic | ignored | end of life |
| devel | not-affected | 1.2.5-9 |
| disco | not-affected | 1.2.5-0.3 |
| eoan | not-affected | 1.2.5-0.3build1 |
| esm-infra-legacy/trusty | released | 0.2.1-2ubuntu2.2+esm1 |
| esm-infra/bionic | released | 0.2.3-0.6ubuntu0.18.04.2 |
| esm-infra/focal | not-affected | 1.2.5-8 |
| esm-infra/xenial | released | 0.2.3-0.2ubuntu0.16.04.1+esm1 |
EPSS
CVSS2: 7.8 High
CVSS3: 7.5 High