CVE-2018-14652
Severity
6.5MEDIUM
EPSS
2.3%
top 15.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 31
Latest updateMay 13
Description
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]↗2018-11-02
Bugzilla▶
CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]↗2018-11-02
Bugzilla▶
CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service↗2018-09-26