PT-2022-7313 · Libtirpc+9

Published: 2022-07-20 · Updated: 2025-08-28 · CVE-2021-46828

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libtirpc versions prior to 1.3.3rc1

Description

libtirpc mishandles idle TCP connections, which can exhaust the file descriptors of a process that uses the library. This can cause an svc_run infinite loop without accepting new connections, resulting in a denial of service. Remote attackers could exploit this issue.

Recommendations

Update libtirpc to version 1.3.3rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable process to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions
Infinite Loop

Related Identifiers

ALSA-2022:8400
ALT-PU-2022-2359
ALT-PU-2022-2547
ALT-PU-2024-13287
BDU:2024-02624
CVE-2021-46828
DLA-3071-1
DSA-5200-1
MGASA-2022-0288
OESA-2022-1795
OPENSUSE-SU-2022_3305-1
OPENSUSE-SU-2024:12278-1
RHSA-2022:8400
RHSA-2022_8400
RLSA-2022:8400
SUSE-SU-2022:2991-1
SUSE-SU-2022:3305-1
SUSE-SU-2022:3791-1
SUSE-SU-2022_2991-1
SUSE-SU-2022_3305-1
SUSE-SU-2022_3791-1
USN-5538-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libtirpc