CVE-2022-48340: Use After Free
First published: Tue Feb 21 2023(Updated: )
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gluster GlusterFS | =11.0 | |
| ubuntu/glusterfs | <10.1-1ubuntu0.2 | 10.1-1ubuntu0.2 |
| ubuntu/glusterfs | <10.3-4ubuntu0.2 | 10.3-4ubuntu0.2 |
| ubuntu/glusterfs | <10.3-5ubuntu0.1 | 10.3-5ubuntu0.1 |
| ubuntu/glusterfs | <11.1-1 | 11.1-1 |
| debian/glusterfs | <=5.5-3<=9.2-1<=10.3-5 | 11.1-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/gluster/glusterfs/issues/3732
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE6K2DXP4QZVKP32Z7BSYDSRBL4H7JSE/
- https://launchpad.net/bugs/cve/CVE-2022-48340
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE6K2DXP4QZVKP32Z7BSYDSRBL4H7JSE/
- https://github.com/gluster/glusterfs/commit/d2e159d337e17844bf483a7f2aca4c52e37c7c60
- https://security-tracker.debian.org/tracker/CVE-2022-48340
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48340
- https://github.com/gluster/glusterfs/pull/3744
- https://ubuntu.com/security/notices/USN-6507-1
- https://nvd.nist.gov/vuln/detail/CVE-2022-48340
- https://github.com/gluster/glusterfs/commit/650ab3a0cf8ecec597974f64f62d81f59c4e3161 (devel)
- https://github.com/gluster/glusterfs/commit/9c580285c32d1e8f684c51cdc3a023319f05b1f8 (10)
- https://github.com/gluster/glusterfs/commit/d2e159d337e17844bf483a7f2aca4c52e37c7c60 (11)
- https://ubuntu.com/security/CVE-2022-48340
Frequently Asked Questions
What is the vulnerability ID for this Gluster GlusterFS vulnerability?
The vulnerability ID for this Gluster GlusterFS vulnerability is CVE-2022-48340.
What is the severity of CVE-2022-48340?
The severity of CVE-2022-48340 is high with a severity value of 7.5.
How does the vulnerability in Gluster GlusterFS 11.0 manifest?
The vulnerability in Gluster GlusterFS 11.0 manifests as a use-after-free issue in the dht_setxattr_mds_cbk function in dht-common.c.
What software version is affected by CVE-2022-48340?
Gluster GlusterFS 11.0 is affected by CVE-2022-48340.
Is there a fix for CVE-2022-48340?
Yes, a fix is available for CVE-2022-48340. It is recommended to update to a patched version of Gluster GlusterFS.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/usn-cve
- source/Ubuntu
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/gluster
- canonical/gluster glusterfs
- version/gluster glusterfs/11.0
- package-manager/ubuntu
- package-manager/debian