A flaw was found in libtirpc. The return value of makefd_xprt was used without checking for NULL in svc_vc.c, leading to a null pointer dereference / segfault if the maximum number of available file descriptors was exhausted. References: https://bugzilla.novell.com/show_bug.cgi?id=968175 Upstream Patch: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Created libtirpc tracking bugs for this issue: Affects: fedora-all [bug 1620295]
This was fixed in RHEL 7 as part of bug 1410617.
Hi I think there is need of clarification for CVE-2018-14622 (and CVE-2018-14621). CVE-2018-14622 refers to http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0 and additionally to the SuSE bug https://bugzilla.novell.com/show_bug.cgi?id=968175 But there is as well https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9265 referecing http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0 and https://bugzilla.suse.com/show_bug.cgi?id=968175 CVE-2018-14621 seem to refer to the "second issue" of that SuSE bug, which SuSE prooposes to address with https://bugzilla.novell.com/attachment.cgi?id=666865 but the upstream commit finally adressing it seem to be http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b (as such this issue woul only affect 0.3.3-rc3 onwards). Does CVE-2018-14622 need to be rejected?
For the record, the 2015 CVE will be rejected in favour of the 2018 one.