CVE-2017-8804 Information

Description

DISPUTED: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html
http://www.openwall.com/lists/oss-security/2017/05/05/2
http://www.securityfocus.com/bid/98339
https://bugzilla.suse.com/show_bug.cgi?id=1037559c7
https://seclists.org/oss-sec/2017/q2/228
https://sourceware.org/bugzilla/show_bug.cgi?id=21461
https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html
https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH