PT-2017-2115 · Gnu+2 · Glibc+2

Marcus Meissner · Published 2017-05-07 · Updated 2024-08-05 · CVE-2017-8804

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

glibc version 2.25

Description

The issue is in the xdr_bytes and xdr_string functions of the GNU C Library, which mishandle failures of buffer deserialization. A remote attacker can exploit this with a specially crafted UDP packet sent to port 111, potentially causing a denial of service through virtual memory allocation, or through memory consumption if an overcommit setting is not used.

Recommendations

For glibc version 2.25, consider restricting access to the vulnerable functions xdr_bytes and xdr_string to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the xdr_bytes and xdr_string functions in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2833
BDU:2017-01292
CVE-2017-8804
MGASA-2017-0184
OPENSUSE-SU-2018_0494-1
SUSE-SU-2018:0451-1
SUSE-SU-2018:0565-1

Affected Products

Alt Linux
Suse
Glibc