CVE-2014-3619 — Infinite Loop in Glusterfs

CWE-399 CWE-835 — Infinite Loop9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gluster Glusterfs Opensuse

Timeline

PublishedMar 27

Latest updateMay 14

Description

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Debiangluster/glusterfs< 3.5.2-2+3

▶Ubuntugluster/glusterfs< 3.4.2-1ubuntu1+esm1+2

▶NVDgluster/glusterfs3.5

▶NVDopensuse/opensuse13.1

🔴Vulnerability Details

GHSA

GHSA-7hxx-57vq-gp63: The __socket_proto_state_machine function in GlusterFS 3↗2022-05-14

▶

OSV

glusterfs vulnerabilities↗2021-03-15

▶

OSV

CVE-2014-3619: The __socket_proto_state_machine function in GlusterFS 3↗2015-03-27

▶

CVEList

CVE-2014-3619: The __socket_proto_state_machine function in GlusterFS 3↗2015-03-27

▶

📋Vendor Advisories

Ubuntu

GlusterFS vulnerabilities↗2021-03-15

▶

Red Hat

glusterfs: fragment header infinite loop DoS↗2014-09-12

▶

Debian

CVE-2014-3619: glusterfs - The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attacke...↗2014

▶

💬Community

Bugzilla

CVE-2014-3619 glusterfs: fragment header infinite loop DoS↗2014-09-04

▶