What is CVE-2013-1950?

CVE-2013-1950 is a vulnerability in Libtirpc_project Libtirpc, classified under CWE-399. Published 2013-07-09.

Is CVE-2013-1950 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Libtirpc_project Libtirpc

CVE-2013-1950

The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.

EPSS: 0.088 (92.7th percentile) — read the EPSS interpretation.

Affected products

Libtirpc_project Libtirpc — versions 0.1.8, 0.1.9, 0.1.10
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2013-1950

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:0884 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2013-1950?: CVE-2013-1950 is a vulnerability in Libtirpc_project Libtirpc, classified under CWE-399. Published 2013-07-09.
Is CVE-2013-1950 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.