CVE-2017-8804 - OpenCVE

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Glibc

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html
http://www.openwall.com/lists/oss-security/2017/05/05/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/98339	Broken Link
https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7	Issue Tracking Patch
https://seclists.org/oss-sec/2017/q2/228
https://sourceware.org/bugzilla/show_bug.cgi?id=21461	Issue Tracking Patch
https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html
https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html	Issue Tracking Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-07T18:00:00

Updated: 2020-08-26T13:53:51

Reserved: 2017-05-07T00:00:00

Link: CVE-2017-8804

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-07T18:29:00.157

Modified: 2024-05-17T01:20:27.397

Link: CVE-2017-8804

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-26T13:53:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html"}, {"name": "98339", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98339"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21461"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2017/05/05/2"}, {"name": "SUSE-SU-2018:0565", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html"}, {"name": "openSUSE-SU-2018:0494", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html"}, {"name": "SUSE-SU-2018:0451", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2017/q2/228"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7"}, {"name": "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html", "refsource": "CONFIRM", "url": "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html"}, {"name": "98339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98339"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", "refsource": "CONFIRM", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21461"}, {"name": "http://www.openwall.com/lists/oss-security/2017/05/05/2", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2017/05/05/2"}, {"name": "SUSE-SU-2018:0565", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html"}, {"name": "openSUSE-SU-2018:0494", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html"}, {"name": "SUSE-SU-2018:0451", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html"}, {"name": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html", "refsource": "MISC", "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html"}, {"name": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html", "refsource": "MISC", "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html"}, {"name": "https://seclists.org/oss-sec/2017/q2/228", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2017/q2/228"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8804", "datePublished": "2017-05-07T18:00:00", "dateReserved": "2017-05-07T00:00:00", "dateUpdated": "2020-08-26T13:53:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*", "matchCriteriaId": "36AD162E-4C9C-48A5-B2BF-9C0B4BDD5822", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references"}, {"lang": "es", "value": "**EN DISPUTA** Las funciones xdr_bytes y xdr_string en la librer\u00eda GNU C (conocida como glibc o libc6) 2.25 no maneja adecuadamente los fallos de deserializaci\u00f3n de buffer, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de paquetes UDP manipulados en el puerto 111, un problema relacionado con CVE-2017-8779. NOTA: [Informaci\u00f3n suministrada por el usuario y referencias]"}], "id": "CVE-2017-8804", "lastModified": "2024-05-17T01:20:27.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-07T18:29:00.157", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00039.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00049.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/05/05/2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/98339"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7"}, {"source": "cve@mitre.org", "url": "https://seclists.org/oss-sec/2017/q2/228"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21461"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00128.html"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/legacy-ml/libc-alpha/2017-05/msg00129.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}