{
  "threat_severity" : "Low",
  "public_date" : "2016-03-03T00:00:00Z",
  "bugzilla" : {
    "description" : "libtirpc: Infinite loop in EMFILE case in svc_vc.c",
    "id" : "1620290",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1620290"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-835",
  "details" : [ "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.", "An infinite loop vulnerability was found in libtirpc. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted." ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Not affected",
    "package_name" : "libntirpc",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "libntirpc",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libtirpc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libtirpc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libtirpc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3",
    "fix_state" : "Not affected",
    "package_name" : "libtirpc",
    "cpe" : "cpe:/a:redhat:openshift:3"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "libntirpc",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "libtirpc",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-14621\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14621" ],
  "name" : "CVE-2018-14621",
  "csaw" : false
}