CVE-2017-8779

HIGH

rpcbind < 0.2.4 - Denial of Service via Crafted UDP Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-8779. PoCs published by Guido Vranken, drbothen, guidovranken, including Metasploit module auxiliary/dos/rpc/rpcbomb.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in *nix rpcbind/libtirpc by sending a maliciously crafted UDP packet to allocate a large number of bytes, causing the service to crash. The PoC constructs a UDP packet with specific RPC fields and sends it to the target host.

Description

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Exploits (3)

exploitdb WORKING POC
by Guido Vranken · rubydoslinux
https://www.exploit-db.com/exploits/41974

This exploit targets a denial-of-service (DoS) vulnerability in *nix rpcbind/libtirpc by sending a maliciously crafted UDP packet to allocate a large number of bytes, causing the service to crash. The PoC constructs a UDP packet with specific RPC fields and sends it to the target host.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: rpcbind/libtirpc (affecting *nix systems)
No auth needed
Prerequisites: Network access to the target's rpcbind service (default port 111/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by drbothen · poc
https://github.com/drbothen/GO-RPCBOMB

This is a Go-based proof-of-concept exploit for CVE-2017-8779, a denial-of-service vulnerability in rpcbind/libtirpc. It sends crafted UDP packets to trigger excessive memory allocation, leading to a DoS condition.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3
No auth needed
Prerequisites: Network access to the target's RPC port (default 111/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by guidovranken · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/rpc/rpcbomb.rb

This Metasploit module exploits a vulnerability in rpcbind/libtirpc (CVE-2017-8779) by sending malformed RPC packets to trigger excessive memory allocation, leading to a denial-of-service (DoS) condition.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: rpcbind, LIBTIRPC, NTIRPC
No auth needed
Prerequisites: Network access to target's RPC port (111/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3759-2/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1267
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3759-1/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1262
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1268
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/drbothen/GO-RPCBOMB
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2017:1497
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/guidovranken/rpcbomb/
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180109-0001/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201706-07
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038532
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98325
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://openwall.com/lists/oss-security/2017/05/03/12
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://openwall.com/lists/oss-security/2017/05/04/1
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1395
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1263
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41974/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3845

Scores

CVSS v3 7.5
EPSS 0.8192
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-770
Status published
Products (3)
libtirpc_project/libtirpc < 1.0.1
ntirpc_project/ntirpc < 1.4.3
rpcbind_project/rpcbind < 0.2.4
Published May 04, 2017
Tracked Since Feb 18, 2026