PT-2013-1185 · None+3 · Libtirpc-Devel+5

Michael Armstrong · Published 2013-05-30 · Updated 2022-09-20 · CVE-2013-1950

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

libtirpc versions 0.2.1 through 0.2.3
libtirpc-devel versions 0.2.1
libtirpc-debuginfo versions 0.2.1

Description

The svc_dg_getargs function in libtirpc is vulnerable to a denial of service attack via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. The issue can be exploited remotely, potentially leading to disruption of protected information.

Recommendations

For libtirpc versions 0.2.1 through 0.2.3, update to a version later than 0.2.3 to resolve the issue. For libtirpc-devel version 0.2.1, update to a version later than 0.2.1. For libtirpc-debuginfo version 0.2.1, update to a version later than 0.2.1. As a temporary workaround, consider restricting access to the svc_dg_getargs function until a patch is available.

Exploit

Fix

DoS

Weakness Enumeration

Related identifiers

ALT-PU-2014-1332
BDU:2015-07034
BDU:2015-07035
BDU:2015-07036
BDU:2015-09007
BDU:2015-09008
BDU:2015-09009
CESA-2013_0884
CVE-2013-1950
RHSA-2013:0884
RHSA-2013_0884

Affected products

Alt Linux
CentOS
Red Hat
Libtirpc
Libtirpc-Debuginfo
Libtirpc-Devel