This page lists publicly disclosed CVE vulnerabilities affecting rpcbind_project rpcbind (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-2064 | rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | [email protected] | 7.1 | 0.07% | 2019-10-29 | 2024-11-21 |
| CVE-2010-2061 | rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | [email protected] | 7.8 | 0.06% | 2019-10-29 | 2024-11-21 |
| CVE-2017-8779 | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. | [email protected] | 7.5 | 81.38% | 2017-05-04 | 2026-05-13 |
| CVE-2015-7236 | Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. | [email protected] | 7.5 | 4.17% | 2015-10-01 | 2026-05-06 |