CVE-2018-10927Improper Input Validation in Glusterfs

CWE-20Improper Input ValidationCWE-200Sensitive Information ExposureCWE-59Link Following11 documents8 sources
Severity
8.1HIGHNVD
EPSS
2.7%
top 14.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Gluster GlusterfsRED HAT GlusterfsDebian Linux+3 more
Timeline
PublishedSep 4
Latest updateMay 13

Description

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages6 packages

NVDgluster/glusterfs3.123.12.14+1
Debiangluster/glusterfs< 4.1.4-1+3
CVEListV5red_hat/glusterfsn/a
NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-7pm9-wx72-7c4p: A flaw was found in RPC request using gfs3_lookup_req in glusterfs server2022-05-13
CVEList
CVE-2018-10927: A flaw was found in RPC request using gfs3_lookup_req in glusterfs server2018-09-04
OSV
CVE-2018-10927: A flaw was found in RPC request using gfs3_lookup_req in glusterfs server2018-09-04

📋Vendor Advisories

4
Ubuntu
GlusterFS vulnerabilities2021-03-15
Red Hat
glusterfs: glusterfs server exploitable via symlinks to relative paths2018-10-31
Red Hat
glusterfs: File status information leak and denial of service2018-09-04
Debian
CVE-2018-10927: glusterfs - A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An au...2018

💬Community

3
Bugzilla
CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths2018-09-25
Bugzilla
CVE-2018-10927 glusterfs: File status information leak and denial of service [fedora-all]2018-09-04
Bugzilla
CVE-2018-10927 glusterfs: File status information leak and denial of service2018-08-06
CVE-2018-10927 — Improper Input Validation in Glusterfs | cvebase