GlusterFS CVE-2018-14653 Heap Based Buffer Overflow Vulnerability
BID:106378
Info
| Bugtraq ID: | 106378 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-14653 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2018 12:00AM |
| Updated: | Oct 31 2018 12:00AM |
| Credit: | Michael Hanselmann (hansmi.ch) |
| Vulnerable: | Redhat Virtualization Host 4; Redhat Virtualization 4; Redhat Gluster Storage Server for On-premise 3 for RHEL 7 0; Redhat Gluster Storage Server for On-premise 3 for RHEL 6 0; Redhat Enterprise Linux Server 7; Redhat Enterprise Linux Server 6; Gluster Glusterfs 4.1.4; Gluster Glusterfs 3.5; Gluster Glusterfs 3.3.0 |
| Not Vulnerable: | |
Discussion
GlusterFS is prone to a heap-based buffer-overflow vulnerability.
Attackers can exploit this issue to obtain sensitive information or cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.
GlusterFS versions through 4.1.4 and 3.12 are vulnerable.
References
- GlusterFS Home Page (Gluster)
- Bug 1633431 (CVE-2018-14653) - CVE-2018-14653 glusterfs: Heap-based buffer over (Redhat)
- CVE-2018-14653 (Redhat)
- RHSA-2018:3431 - Security Advisory (Redhat)
- RHSA-2018:3432 - Security Advisory (Redhat)
- RHSA-2018:3470 - Security Advisory (Redhat)