CVE-2018-14653: Buffer Overflow
First published: Thu Sep 27 2018(Updated: )
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Gluster Storage | >=3.0.0<=3.1.2 | |
| Redhat Gluster Storage | >=4.1.0<=4.1.4 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Virtualization | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2018:3431
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1644584
- https://review.gluster.org/#/c/glusterfs/+/21528/
- https://review.gluster.org/#/c/glusterfs/+/21529/
- https://bugzilla.redhat.com/show_bug.cgi?id=1633431
Frequently Asked Questions
What is CVE-2018-14653?
CVE-2018-14653 is a vulnerability found in the Gluster file system through versions 4.1.4 and 3.12.
What is the severity of CVE-2018-14653?
CVE-2018-14653 has a severity score of 8.8 (high).
Who is affected by CVE-2018-14653?
Users of Redhat Gluster Storage versions 3.0.0 to 3.1.2 and 4.1.0 to 4.1.4, Debian Linux versions 8.0 and 9.0, and Redhat Enterprise Linux Server version 6.0 and 7.0, as well as Redhat Enterprise Linux Virtualization version 4.0, are affected by CVE-2018-14653.
How can CVE-2018-14653 be exploited?
CVE-2018-14653 can be exploited by a remote authenticated attacker through a heap-based buffer overflow in the '__server_getspec' function using the 'gf_getspec_req' RPC message.
What is the impact of CVE-2018-14653?
The impact of CVE-2018-14653 is a denial of service or potential unspecified impact.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-14653
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/redhat
- canonical/redhat gluster storage
- version/redhat gluster storage/3.0.0
- version/redhat gluster storage/3.1.2
- version/redhat gluster storage/4.1.0
- version/redhat gluster storage/4.1.4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux virtualization
- version/redhat enterprise linux virtualization/4.0