Skip to main content

Glusterfs CVE-2018-14661

MEDIUM
Improper Input Validation (CWE-20)
2018-10-31 secalert@redhat.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 31, 2018 - 20:29 nvd
MEDIUM 6.5

DescriptionNVD

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

AnalysisAI

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. Affected products include: Gluster Glusterfs, Debian Debian Linux, Redhat Virtualization, Redhat Virtualization Host, Redhat Enterprise Linux Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-26253 HIGH POC
7.5 Feb 21

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Rated h

CVE-2018-14651 HIGH
8.8 Oct 31

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was inc

CVE-2018-10929 HIGH
8.8 Sep 04

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerab

CVE-2018-10928 HIGH
8.8 Sep 04

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to

CVE-2018-10926 HIGH
8.8 Sep 04

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this

CVE-2018-10907 HIGH
8.8 Sep 04

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc

CVE-2018-10904 HIGH
8.8 Sep 04

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribu

CVE-2018-10841 HIGH
8.8 Jun 20

glusterfs is vulnerable to privilege escalation on gluster server nodes. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2018-1112 HIGH
8.8 Apr 25

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenti

CVE-2018-10927 HIGH
8.1 Sep 04

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerab

CVE-2018-10923 HIGH
8.1 Sep 04

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node

CVE-2018-10911 HIGH
7.5 Sep 04

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high

Share

CVE-2018-14661 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy