You are here

CVE-2013-1950

Vincent (CVE) Danen's picture
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.

Details Source

Mitre

Public Date

2013-04-18 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1950 libtirpc: invalid pointer free leads to rpcbind daemon crash

Bugzilla ID

948 378

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank Michael Armstrong for reporting this issue.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (libtirpc) RHSA-2013:0884 2013-05-30

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 portmap Not affected