Search for vulnerabilities
Vulnerability details: VCID-9znp-ea7v-6yh6
Vulnerability ID VCID-9znp-ea7v-6yh6
Aliases CVE-2017-8779
Summary
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8779.json
epss 0.82027 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.82027 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
epss 0.84199 https://api.first.org/data/v1/epss?cve=CVE-2017-8779
cvssv2 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Medium https://security.archlinux.org/AVG-261
archlinux Medium https://security.archlinux.org/AVG-262
archlinux Medium https://security.archlinux.org/AVG-263
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8779.json
https://api.first.org/data/v1/epss?cve=CVE-2017-8779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1448124 https://bugzilla.redhat.com/show_bug.cgi?id=1448124
861834 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861834
ASA-201705-4 https://security.archlinux.org/ASA-201705-4
ASA-201705-5 https://security.archlinux.org/ASA-201705-5
ASA-201705-6 https://security.archlinux.org/ASA-201705-6
AVG-261 https://security.archlinux.org/AVG-261
AVG-262 https://security.archlinux.org/AVG-262
AVG-263 https://security.archlinux.org/AVG-263
CVE-2017-8779 Exploit https://github.com/guidovranken/rpcbomb/blob/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb
CVE-2017-8779 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/41974.rb
RHSA-2017:1262 https://access.redhat.com/errata/RHSA-2017:1262
RHSA-2017:1263 https://access.redhat.com/errata/RHSA-2017:1263
RHSA-2017:1267 https://access.redhat.com/errata/RHSA-2017:1267
RHSA-2017:1268 https://access.redhat.com/errata/RHSA-2017:1268
RHSA-2017:1395 https://access.redhat.com/errata/RHSA-2017:1395
USN-3759-1 https://usn.ubuntu.com/3759-1/
USN-3759-2 https://usn.ubuntu.com/3759-2/
USN-4986-1 https://usn.ubuntu.com/4986-1/
USN-4986-2 https://usn.ubuntu.com/4986-2/
Data source Metasploit
Description This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and NTIRPC, allowing an attacker to trigger large (and never freed) memory allocations for XDR strings on the target.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/rpc/rpcbomb.rb
Data source Exploit-DB
Date added May 8, 2017
Description RPCBind / libtirpc - Denial of Service
Ransomware campaign use Unknown
Source publication date May 8, 2017
Exploit type dos
Platform linux
Source update date May 8, 2017
Source URL https://github.com/guidovranken/rpcbomb/blob/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8779.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99164
EPSS Score 0.82027
Published At Aug. 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:32.885016+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.20/main.json 37.0.0