CVE-2021-46828

Name	CVE-2021-46828
Description	In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3071-1, DSA-5200-1
Debian Bugs	1015873

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libtirpc (PTS)	bullseye (security), bullseye	1.3.1-1+deb11u1	fixed
	bookworm	1.3.3+ds-1	fixed
	trixie	1.3.6+ds-1	fixed
	forky, sid	1.3.7+ds-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
libtirpc	source	buster	1.1.4-0.4+deb10u1	DLA-3071-1
libtirpc	source	bullseye	1.3.1-1+deb11u1	DSA-5200-1
libtirpc	source	(unstable)	1.3.2-2.1		1015873

Notes

Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1)
Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3)