CVE-2023-26253Out-of-bounds Read in Glusterfs

CWE-125Out-of-bounds ReadCWE-121Stack-based Buffer Overflow9 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 80.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gluster Glusterfs
Timeline
PublishedFeb 21
Latest updateJun 12

Description

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debiangluster/glusterfs< 10.3-5+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-696f-v7g7-q758: In Gluster GlusterFS 112023-02-21
CVEList
CVE-2023-26253: In Gluster GlusterFS 112023-02-21
OSV
CVE-2023-26253: In Gluster GlusterFS 112023-02-21

📋Vendor Advisories

5
Ubuntu
GlusterFS vulnerability2023-06-12
Ubuntu
GlusterFS vulnerability2023-03-30
Red Hat
glusterfs: stack-based buffer overflow in notify() in fuse-bridge.c2023-02-21
Microsoft
In Gluster GlusterFS 11.0 there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.2023-02-14
Debian
CVE-2023-26253: glusterfs - In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c noti...2023
CVE-2023-26253 — Out-of-bounds Read in Glusterfs | cvebase