6.5
CVE-2018-14660
- EPSS 2.52%
- Veröffentlicht 01.11.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:32
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization Host Version4.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.52% | 0.828 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| secalert@redhat.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
https://security.gentoo.org/glsa/201904-06
https://access.redhat.com/errata/RHSA-2018:3470
https://access.redhat.com/errata/RHSA-2018:3431
https://access.redhat.com/errata/RHSA-2018:3432
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660