Vulnerabilities > CVE-2021-46828 - Infinite Loop vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
libtirpc-project
debian
CWE-835
NVD
Published: 2022-07-20
Updated: 2023-11-07

Summary

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Vulnerable Configurations

Part Description Count
Application
Libtirpc_Project
69
OS
Debian
2

Common Weakness Enumeration (CWE)

References