Vulnerability Details CVE-2018-10924
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 6.8
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924
- https://review.gluster.org/#/c/glusterfs/+/20723/
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924
- https://review.gluster.org/#/c/glusterfs/+/20723/
- https://security.gentoo.org/glsa/201904-06
Products affected by CVE-2018-10924
-
cpe:2.3:a:gluster:glusterfs:3.12.11
-
cpe:2.3:a:gluster:glusterfs:3.12.12
-
cpe:2.3:a:gluster:glusterfs:3.12.13
-
cpe:2.3:a:gluster:glusterfs:4.0.0
-
cpe:2.3:a:gluster:glusterfs:4.0.0-2
-
cpe:2.3:a:gluster:glusterfs:4.0.1
-
cpe:2.3:a:gluster:glusterfs:4.0.2
-
cpe:2.3:a:gluster:glusterfs:4.0.2-1
-
cpe:2.3:a:gluster:glusterfs:4.1.0
-
cpe:2.3:a:gluster:glusterfs:4.1.1
-
cpe:2.3:a:gluster:glusterfs:4.1.2
-
cpe:2.3:a:gluster:glusterfs:4.1.3