What is CVE-2018-1330?

CVE-2018-1330 is a vulnerability that affects Apache Mesos versions 1.4.0 to 1.5.0 and allows a malicious actor to cause a denial of service (crash) by sending a malformed JSON payload.

How does CVE-2018-1330 affect Apache Mesos?

CVE-2018-1330 affects Apache Mesos versions 1.4.0 to 1.5.0 by causing a crash in libprocess when parsing a malformed JSON payload or chunked HTTP requests with trailers.

What is the severity of CVE-2018-1330?

CVE-2018-1330 has a severity rating of 7.5 (high).

How can CVE-2018-1330 be exploited?

CVE-2018-1330 can be exploited by a malicious actor sending a malformed JSON payload or chunked HTTP requests with trailers to Apache Mesos.

Is there a fix for CVE-2018-1330?

Yes, upgrading to Apache Mesos versions 1.5.1 or later resolves the vulnerability.

Vulnerability/
CVE-2018-1330

high

7.5

CWE

13/9/2018

29/1/2019

CVE-2018-1330: Input Validation

First published: Thu Sep 13 2018(Updated: )

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Mesos	>=1.4.0<1.4.2
Apache Mesos	>=1.5.0<1.5.1
Apache Mesos	=1.4.0-rc1
Apache Mesos	=1.4.0-rc2
Apache Mesos	=1.4.0-rc3
Apache Mesos	=1.4.0-rc4
Apache Mesos	=1.4.0-rc5
Apache Mesos	=1.6.0-rc1

Never miss a vulnerability like this again

Reference Links

https://lists.apache.org/thread.html/395cb6bcf367702acd1e580a1f39b56cdd7a5953d0368b4c1adb1dde@<dev.mesos.apache.org>

Frequently Asked Questions

What is CVE-2018-1330?
CVE-2018-1330 is a vulnerability that affects Apache Mesos versions 1.4.0 to 1.5.0 and allows a malicious actor to cause a denial of service (crash) by sending a malformed JSON payload.
How does CVE-2018-1330 affect Apache Mesos?
CVE-2018-1330 affects Apache Mesos versions 1.4.0 to 1.5.0 by causing a crash in libprocess when parsing a malformed JSON payload or chunked HTTP requests with trailers.
What is the severity of CVE-2018-1330?
CVE-2018-1330 has a severity rating of 7.5 (high).
How can CVE-2018-1330 be exploited?
CVE-2018-1330 can be exploited by a malicious actor sending a malformed JSON payload or chunked HTTP requests with trailers to Apache Mesos.
Is there a fix for CVE-2018-1330?
Yes, upgrading to Apache Mesos versions 1.5.1 or later resolves the vulnerability.

collector/nvd-index
vendor/apache
canonical/apache mesos
version/apache mesos/1.4.0
version/apache mesos/1.5.0
version/apache mesos/1.4.0-rc1
version/apache mesos/1.4.0-rc2
version/apache mesos/1.4.0-rc3
version/apache mesos/1.4.0-rc4
version/apache mesos/1.4.0-rc5
version/apache mesos/1.6.0-rc1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.