Fluid Attacks Database

Description

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel6	glibc
rpm rhel5	glibc
rpm rhel7	glibc
rpm rhel5	compat-glibc
rpm rhel6	compat-glibc
rpm rhel7	compat-glibc

Aliases

1. CVE-2017-88042. NVD-2017-88043. OSV-2017-8804

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.