6.5

CVE-2018-14659

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatGluster File System Version >= 3.0.0 <= 3.1.2
RedhatGluster File System Version >= 4.1.0 <= 4.1.4
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Version7.0
RedhatVirtualization Host Version4.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201904-06
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3431
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3432
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659
Vendor Advisory
Issue Tracking