ID CVE-2013-1950
Summary The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:libtirpc_project:libtirpc:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.0.10:-:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.0.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.2:rc4:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:libtirpc_project:libtirpc:0.2.3:rc4:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-09-2022 - 16:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 948378
title CVE-2013-1950 libtirpc: invalid pointer free leads to rpcbind daemon crash
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment libtirpc is earlier than 0:0.2.1-6.el6_4
          oval oval:com.redhat.rhsa:tst:20130884001
        • comment libtirpc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171991002
      • AND
        • comment libtirpc-devel is earlier than 0:0.2.1-6.el6_4
          oval oval:com.redhat.rhsa:tst:20130884003
        • comment libtirpc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171991004
rhsa
id RHSA-2013:0884
released 2013-05-30
severity Moderate
title RHSA-2013:0884: libtirpc security update (Moderate)
rpms
  • libtirpc-0:0.2.1-6.el6_4
  • libtirpc-debuginfo-0:0.2.1-6.el6_4
  • libtirpc-devel-0:0.2.1-6.el6_4
refmap via4
confirm
Last major update 20-09-2022 - 16:00
Published 09-07-2013 - 17:55
Last modified 20-09-2022 - 16:00