Vulnerability Details : CVE-2018-14621
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Products affected by CVE-2018-14621
- cpe:2.3:a:libtirpc_project:libtirpc:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtirpc_project:libtirpc:1.0.2:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14621
- 0.14%: Probability of exploitation activity in the next 30 days
- ~ 50%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2018-14621
- The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2018-14621
- http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
  git.linux-nfs.org Git - steved/libtirpc.git/commit (Patch; Third Party Advisory)
- https://bugzilla.novell.com/show_bug.cgi?id=968175
  Bug 968175 – VUL-0: CVE-2015-9265: libtirpc: remote crash of RPC services (Issue Tracking; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621
  1620290 – (CVE-2018-14621) CVE-2018-14621 libtirpc: Infinite loop in EMFILE case in svc_vc.c (Issue Tracking; Patch; Third Party Advisory)