CVE ID
CVE-2017-8779
DESCRIPTION
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory
leak can occur when parsing specially crafted XDR messages. An attacker
sending thousands of messages to rpcbind could cause its memory usage to grow
without bound, eventually causing it to be terminated by the OOM killer.
CVSS3 Base Score 7.5
RESOLUTION
Fixed in latest Unitrends security update with
libtirpc-0.2.1-13.el6_9, rpcbind-0.2.0-13.el6_9