Debian CVE-2021-46828: libtirpc: lead to an svc_run infinite loop
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX | Fix Released | Medium | Zhixiong Chi | | |
Bug Description
CVE-2021-46828: [https:/
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2021-46828 fixed 7.5 N L N N H
References:
https:/
['libtirpc-
Found during August 2022 CVE scan using vulscan
Changed in starlingx:
assignee: Yue Tao (wrytao) → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
description: updated
screening: stx.8.0 / medium - CVE meets the stx fix criteria