CVE-2018-14621
Published: 30 August 2018
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
libtirpc Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Not vulnerable
(debian: Vulnerable code not in a released version)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: other: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b |
||