First published: Tue Sep 04 2018
It was discovered that the fsync(2) system call in the glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gluster GlusterFS | >=3.12.11 <3.12.14 | |
Gluster GlusterFS | >=4.0.0 <4.1.4 | |
The CVE ID of this vulnerability is CVE-2018-10924.
CVE-2018-10924 has a severity rating of 6.5, which is considered medium.
Gluster GlusterFS versions between 3.12.11 and 3.12.14, as well as versions between 4.0.0 and 4.1.4, are affected by CVE-2018-10924.
An authenticated attacker can exploit CVE-2018-10924 to launch a denial of service attack by making Gluster clients consume memory of the host machine.
Yes, you can find references for CVE-2018-10924 at the following links: [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html) and [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924).