NVD Vulnerability Detail

CVE-2018-14622

Summary	A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
Publication Date	Aug. 30, 2018, 10:29 p.m.
Registration Date	March 1, 2021, 6:57 p.m.
Last Update	Nov. 21, 2024, 12:49 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0::::::x64:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0::::::x64:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:a:libtirpc_project:libtirpc::::::::				0.3.3

Related information, measures and tools

No	URL	タグ
1	http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0
2	https://access.redhat.com/errata/RHBA-2017:1991	Third Party Advisory
3	https://bugzilla.novell.com/show_bug.cgi?id=968175	Issue Tracking Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622	Issue Tracking Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html	Mailing List Third Party Advisory
6	https://usn.ubuntu.com/3759-1/	Third Party Advisory
7	https://usn.ubuntu.com/3759-2/	Third Party Advisory
8	http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=1c77f7a869bdea2a34799d774460d1f9983d45f0
9	https://usn.ubuntu.com/3759-2/	Third Party Advisory
10	https://usn.ubuntu.com/3759-1/	Third Party Advisory
11	https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html	Mailing List Third Party Advisory
12	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622	Issue Tracking Third Party Advisory
13	https://bugzilla.novell.com/show_bug.cgi?id=968175	Issue Tracking Third Party Advisory
14	https://access.redhat.com/errata/RHBA-2017:1991	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-252	未チェックの戻り値	https://cwe.mitre.org/data/definitions/252.html

JVN Vulnerability Information

libtirpc におけるファイル記述子の枯渇に関する脆弱性

Title	libtirpc におけるファイル記述子の枯渇に関する脆弱性
Summary	libtirpc には、ファイル記述子の枯渇に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 22, 2018, midnight
Registration Date	Jan. 16, 2019, 6:13 p.m.
Last Update	Jan. 16, 2019, 6:13 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server AUS

Red Hat Enterprise Linux Server EUS

Red Hat Enterprise Linux Workstation

Debian

Debian GNU/Linux

Canonical

Ubuntu

libtirpc project

LIBTIRPC 0.3.3-rc3 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-14622	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14622
National Vulnerability Database (NVD)
2	CVE-2018-14622	https://nvd.nist.gov/vuln/detail/CVE-2018-14622

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-769	https://cwe.mitre.org/data/definitions/769.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1487-1] libtirpc security update	https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html
Git
2	rendezvous_request: check the makefd_xprt return value	http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Red Hat Bugzilla
3	Bug 1620293	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622
Red Hat Security Advisory
4	RHBA-2017:1991	https://access.redhat.com/errata/RHBA-2017:1991
SourceForge
5	libtirpc	https://sourceforge.net/projects/libtirpc/
Ubuntu Security Notice
6	USN-3759-1	https://usn.ubuntu.com/3759-1/
7	USN-3759-2	https://usn.ubuntu.com/3759-2/

Change Log

No	Changed Details	Date of change
1	[2019年01月16日] 掲載	Jan. 16, 2019, 6:13 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0::::::x64:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0::::::x64:
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:a:libtirpc_project:libtirpc::::::::				0.3.3