7.5

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

Data is provided by the National Vulnerability Database (NVD)
ApacheMesos Version >= 1.4.0 < 1.4.3
ApacheMesos Version >= 1.5.0 < 1.5.2
ApacheMesos Version >= 1.6.0 < 1.6.2
ApacheMesos Version >= 1.7.0 < 1.7.1
ApacheMesos Version1.4.0 Updaterc1
ApacheMesos Version1.4.0 Updaterc2
ApacheMesos Version1.4.0 Updaterc3
ApacheMesos Version1.4.0 Updaterc4
ApacheMesos Version1.4.0 Updaterc5
ApacheMesos Version1.8.0 Updatedev
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.32% 0.868
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/107281
Third Party Advisory
VDB Entry