The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:3431 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:3432 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:3470 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653 | Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201904-06 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
12 Feb 2023, 23:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-122 | |
Summary | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. |
02 Feb 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-787 | |
Summary | A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node. |
16 Dec 2021, 18:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html - Mailing List, Third Party Advisory |
17 Nov 2021, 22:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-122 |
Information
Published : 2018-10-31 19:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-14653
Mitre link : CVE-2018-14653
CVE.ORG link : CVE-2018-14653
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- gluster_storage
- enterprise_linux_virtualization
debian
- debian_linux