CVE-2017-8779

Public on 2017-06-06
Modified on 2017-06-06
Description
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
Severity
Important
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 rpcbind 2017-06-06 17:03 ALAS-2017-841
Amazon Linux 1 libtirpc 2017-06-06 17:00 ALAS-2017-840

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv2 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
NVD CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H