CVE-2014-3619

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
Configurations

Configuration 1

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:gluster:glusterfs:3.5:*:*:*:*:*:*:*

History

13 Feb 2023, 00:41

Type : Summary
Values Removed : A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.
Values Added : The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
References
  • (MISC) https://access.redhat.com/errata/RHBA-2015:0040
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-3619
  • (MISC) https://access.redhat.com/errata/RHBA-2015:0038

02 Feb 2023, 20:17

Type : Summary
Values Removed : The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
Values Added : A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.
References
  • (MISC) https://access.redhat.com/errata/RHBA-2015:0040
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-3619
  • (MISC) https://access.redhat.com/errata/RHBA-2015:0038

Information

Published : 2015-03-27 14:59

Updated : 2023-12-10 11:31


NVD link : CVE-2014-3619

Mitre link : CVE-2014-3619

CVE.ORG link : CVE-2014-3619


Products Affected

gluster

  • glusterfs

opensuse

  • opensuse
CWE
CWE-399

Resource Management Errors