id: 9284
summary: Vulnerabilities in rpcbind and libtirpc
reporter: ken@…
owner: ken@…
type: defect
status: closed
priority: high
milestone: 8.1
component: BOOK
version: SVN
severity: normal
resolution: fixed
keywords:
cc:

description:

This one had passed me by.

CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, [and NTIRPC through 1.4.3] do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Patches for rpcbind and libtirpc at https://github.com/guidovranken/rpcbomb - I see that both Fedora and Arch seem to be using these. The rpcbind part can probably be done by a sed.