The Gluster Project Glusterfs vulnerabilities
4 known vulnerabilities affecting the_gluster_project/glusterfs.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2018-14653 | HIGH | CVSS 8.8 | CWE-122 | versions through 3.12 and 4.1.4 | 2018-10-31
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Sources: cvelistv5, nvd
CVE-2018-14659 | MEDIUM | CVSS 6.5 | CWE-400 | versions through 3.1.2 and 4.1.4 | 2018-10-31
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's ru
Sources: cvelistv5, nvd
CVE-2018-14652 | MEDIUM | CVSS 6.5 | CWE-120 | versions through 3.12 and 4.1.4 | 2018-10-31
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
Sources: cvelistv5, nvd
CVE-2018-14654 | MEDIUM | CVSS 6.5 | CWE-22 | versions through 4.1.4 | 2018-10-31
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
Sources: cvelistv5, nvd