CVE-2018-14660
Severity
6.5MEDIUM
EPSS
1.6%
top 18.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 1
Latest updateMay 13
Description
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 9.0
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]↗2018-11-08
Bugzilla▶
CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]↗2018-11-08
Bugzilla▶
CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]↗2018-10-31
Bugzilla▶
CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion↗2018-10-04