USN-4986-3

Source
https://ubuntu.com/security/notices/USN-4986-3
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4986-3.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4986-3
Published
2021-06-10T19:12:42Z
Modified
2026-02-10T04:42:13Z
Summary
rpcbind regression
Details

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service.

References

Affected packages

Ubuntu:18.04:LTS / rpcbind

Package

Name
rpcbind
Purl
pkg:deb/ubuntu/rpcbind@0.2.3-0.6ubuntu0.18.04.3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.3-0.6ubuntu0.18.04.3

Affected versions

0.*
0.2.3-0.6
0.2.3-0.6ubuntu0.18.04.1
0.2.3-0.6ubuntu0.18.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "rpcbind",
            "binary_version": "0.2.3-0.6ubuntu0.18.04.3"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4986-3.json"
cves_map
{
    "ecosystem": "Ubuntu:18.04:LTS",
    "cves": []
}