First published: Thu Sep 27 2018
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Gluster Storage | >=3.0.0, <=3.1.2 | |
Redhat Gluster Storage | >=4.1.0, <=4.1.4 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Virtualization | =4.0 | |
CVE-2018-14653 is a vulnerability found in the Gluster file system through versions 4.1.4 and 3.12.
CVE-2018-14653 has a severity score of 8.8 (high).
Users of Redhat Gluster Storage versions 3.0.0 to 3.1.2 and 4.1.0 to 4.1.4, Debian Linux versions 8.0 and 9.0, Redhat Enterprise Linux Server versions 6.0 and 7.0, and Redhat Enterprise Linux Virtualization version 4.0 are affected by CVE-2018-14653.
CVE-2018-14653 can be exploited by a remote authenticated attacker through a heap-based buffer overflow in the '__server_getspec' function using the 'gf_getspec_req' RPC message.
The impact of CVE-2018-14653 is a denial of service or other potential unspecified impact.