PT-2015-3373 · None+3 · Libtirpc+3

Laura Pardo · Published 2015-07-13 · Updated 2023-02-03 · CVE-2018-14622

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libtirpc versions prior to 0.3.3-rc3

Description

A null-pointer dereference issue was found in the makefd_xprt() function, where the return value was not checked in all instances. This could lead to a crash when the server exhausts the maximum number of available file descriptors. A remote attacker could cause an RPC-based application to crash by flooding it with new connections.

Recommendations

For versions prior to 0.3.3-rc3, update to version 0.3.3-rc3 or later to resolve the issue. As a temporary workaround, consider restricting the number of new connections to prevent the server from exhausting its available file descriptors.

Fix

Unchecked Return Value

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1401
BDU:2019-00430
CVE-2018-14622
DLA-1487-1
SUSE-SU-2018:3146-1
USN-3759-1
USN-3759-2

Affected Products

Alt Linux
Suse
Ubuntu
Libtirpc