CVE-2018-14622

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en libtirpc en versiones anteriores a la 0.3.3-rc3. El valor de retorno de makefd_xprt() no se comprobó en todas las instancias, lo que podría conducir a un cierre inesperado cuando el servidor agotó el número máximo de descriptores de archivo disponibles. Un atacante remoto podría provocar que una aplicación basada en rpc se cierre inesperadamente inundándola con nuevas conexiones.