OpenCVE

An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libtirpc Project	Libtirpc

Configuration 1 [-]

OR	cpe:2.3:a:libtirpc_project:libtirpc::::::::
	cpe:2.3:a:libtirpc_project:libtirpc:1.0.2:rc1::::::

No data.

References

Link	Providers
http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b
https://bugzilla.novell.com/show_bug.cgi?id=968175
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621
https://nvd.nist.gov/vuln/detail/CVE-2018-14621
https://www.cve.org/CVERecord?id=CVE-2018-14621

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-08-30T13:00:00

Updated: 2024-08-05T09:29:51.860Z

Reserved: 2018-07-27T00:00:00

Link: CVE-2018-14621

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-30T13:29:00.487

Modified: 2023-11-07T02:52:59.127

Link: CVE-2018-14621

Redhat

Severity : Low

Publid Date: 2016-03-03T00:00:00Z

Links: CVE-2018-14621 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "libtirpc", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "1.0.2-rc2"}]}], "datePublic": "2016-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-30T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14621", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libtirpc", "version": {"version_data": [{"version_value": "1.0.2-rc2"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted."}]}, "impact": {"cvss": [[{"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-835"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621"}, {"name": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b", "refsource": "CONFIRM", "url": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=968175", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:29:51.860Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14621", "datePublished": "2018-08-30T13:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:29:51.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtirpc_project:libtirpc:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1FF7336-78CD-4C57-8149-8C31AF870ACB", "versionEndIncluding": "1.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:libtirpc_project:libtirpc:1.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "10C4B4FC-55E5-49D2-94DC-BE6C7EB56AB4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de bucle infinito en libtirpc en versiones anteriores a la 1.0.2-rc2. Con el puerto para utilizar poll en lugar de select, el agotamiento de los descriptores de archivo podr\u00edan provocar que el servidor entre en un bucle infinito, consumiendo una gran cantidad de tiempo de CPU y denegando el servicio a otros clientes hasta que se reinicie."}], "id": "CVE-2018-14621", "lastModified": "2023-11-07T02:52:59.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-08-30T13:29:00.487", "references": [{"source": "secalert@redhat.com", "url": "http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=fce98161d9815ea016855d9f00274276452c2c4b"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libtirpc: Infinite loop in EMFILE case in svc_vc.c", "id": "1620290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620290"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-835", "details": ["An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.", "An infinite loop vulnerability was found in libtirpc. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted."], "name": "CVE-2018-14621", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "libntirpc", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "libntirpc", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "libntirpc", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat Virtualization 4"}], "public_date": "2016-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-14621\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14621"], "threat_severity": "Low", "upstream_fix": "libtirpc 1.0.2-rc2"}