{"id":"CVE-2017-8779","details":"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.","modified":"2026-03-15T22:18:02.418230Z","published":"2017-05-04T14:29:00.230Z","related":["MGASA-2017-0183","SUSE-SU-2017:1306-1","SUSE-SU-2017:1314-1","SUSE-SU-2017:1328-1","SUSE-SU-2017:1336-1","SUSE-SU-2017:1468-1","openSUSE-SU-2024:11304-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3759-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3759-2/"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/41974/"},{"type":"WEB","url":"http://www.securitytracker.com/id/1038532"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1262"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1267"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1268"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201706-07"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180109-0001/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3845"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2017:1497"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1263"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98325"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1395"},{"type":"ADVISORY","url":"https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/"},{"type":"FIX","url":"https://github.com/drbothen/GO-RPCBOMB"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/05/03/12"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/05/04/1"},{"type":"FIX","url":"https://github.com/guidovranken/rpcbomb/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8779.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}