The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:3431 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:3432 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:3470 | Third Party Advisory Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652 | Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201904-06 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
12 Feb 2023, 23:32
Type | Values Removed | Values Added |
---|---|---|
Summary | The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | |
CWE | CWE-120 | |
References |
|
02 Feb 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
References |
|
|
Summary | A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service. |
12 Apr 2022, 18:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Virtualization Host
|
|
References | (GENTOO) https://security.gentoo.org/glsa/201904-06 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:3470 - Third Party Advisory, Vendor Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:*:*:*:*:*:*:* |
17 Nov 2021, 22:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
References |
|
Information
Published : 2018-10-31 19:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-14652
Mitre link : CVE-2018-14652
CVE.ORG link : CVE-2018-14652
JSON object : View
Products Affected
redhat
- enterprise_virtualization_host
- gluster_storage
- enterprise_linux_server
- enterprise_linux_virtualization
debian
- debian_linux