CVE-2018-14659
Severity
6.5MEDIUM
EPSS
2.1%
top 15.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 31
Latest updateMay 13
Description
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]↗2018-11-08
Bugzilla▶
CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]↗2018-11-08
Bugzilla▶
CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service↗2018-10-04