CVE-2018-10911
published 2018-09-04
high 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
A flaw was found in glusterfs: the dict_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | glusterfs | < glusterfs 4.1.4-1 (bookworm) | glusterfs 4.1.4-1 (bookworm) |
| gluster | glusterfs | >= 0 < 4.1.4-1 | 4.1.4-1 |
| gluster | glusterfs | >= 0 < 4.1.4-1 | 4.1.4-1 |
| gluster | glusterfs | >= 0 < 4.1.4-1 | 4.1.4-1 |
| gluster | glusterfs | >= 0 < 4.1.4-1 | 4.1.4-1 |
| gluster | glusterfs | >= 0 < 3.4.2-1ubuntu1+esm1 | 3.4.2-1ubuntu1+esm1 |
| gluster | glusterfs | >= 0 < 3.7.6-1ubuntu1+esm1 | 3.7.6-1ubuntu1+esm1 |
| gluster | glusterfs | >= 0 < 3.13.2-1ubuntu1+esm1 | 3.13.2-1ubuntu1+esm1 |
| gluster | glusterfs | >= 3.12.0 < 3.12.14 | 3.12.14 |
| gluster | glusterfs | >= 4.1.0 < 4.1.8 | 4.1.8 |
| opensuse | leap | — | — |
| red_hat | glusterfs | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv 7.5 HIGH