CVE-2018-10914: Null Pointer Dereference
First published: Mon Jul 23 2018(Updated: )
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gluster GlusterFS | >=3.12.0<3.12.14 | |
| Gluster GlusterFS | >=4.1.0<4.1.8 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://review.gluster.org/21071
- https://bugzilla.redhat.com/show_bug.cgi?id=1607617
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2018-10914.
What is the severity level of CVE-2018-10914?
The severity level of CVE-2018-10914 is medium.
How can an attacker exploit CVE-2018-10914?
An attacker can exploit CVE-2018-10914 by issuing a malicious xattr request via glusterfs FUSE, causing the gluster brick process to crash and resulting in a remote denial of service.
Which software versions are affected by CVE-2018-10914?
The affected versions include glusterfs 3.12.0 to 3.12.14, glusterfs 4.1.0 to 4.1.4, Gluster GlusterFS 3.12.0 to 3.12.14, Gluster GlusterFS 4.1.0 to 4.1.8, Redhat Virtualization Host 4.0, Redhat Enterprise Linux Server 6.0 and 7.0, Debian Debian Linux 8.0 and 9.0, and openSUSE Leap 15.1.
How can I fix CVE-2018-10914?
To fix CVE-2018-10914, update your glusterfs software to version 3.12.15 or 4.1.5, or apply the recommended patches provided by the vendor.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10914
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/gluster
- canonical/gluster glusterfs
- version/gluster glusterfs/3.12.0
- version/gluster glusterfs/4.1.0
- vendor/redhat
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- package-manager/redhat