Severity: 8.8 HIGH
EPSS: 1.6% (top 18.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 31; Latest update May 13

Description

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

Debian: glusterfs < 5.1-1 +3
NVD: redhat/gluster_storage 3.0.0 3.1.2 +1
CVEListV5: the_gluster_project/glusterfs through 3.12 and 4.1.4

Also affects: Debian Linux 8.0, 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-947v-4hfw-4p67: The Gluster file system through versions 4 (2022-05-13)
OSV: CVE-2018-14653: The Gluster file system through versions 4 (2018-10-31)
CVEList: CVE-2018-14653: The Gluster file system through versions 4 (2018-10-31)

📋 Vendor Advisories (3)

Ubuntu: GlusterFS vulnerabilities (2021-03-15)
Red Hat: glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message (2018-10-31)
Debian: CVE-2018-14653: glusterfs - The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-... (2018)

💬 Community (5)

Bugzilla: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all] (2018-11-08)
Bugzilla: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all] (2018-11-08)
Bugzilla: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all] (2018-10-31)
Bugzilla: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all] (2018-10-31)
Bugzilla: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message (2018-09-27)