CVE-2017-8804 (retired)

Priority
Description
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or
libc6) 2.25 mishandle failures of buffer deserialization, which allows
remote attackers to cause a denial of service (virtual memory allocation,
or memory consumption if an overcommit setting is not used) via a crafted
UDP packet to port 111, a related issue to CVE-2017-8779.
Notes
sbeattie> disputed by glibc upstream, assertion is that it's an application failure, see CVE-2017-8779 rpc implementations affected
Package
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
Ubuntu 19.04 (Disco Dingo): not-affected

Updated: 2019-08-23 09:22:08 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)