CVE-2018-10911

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

https://access.redhat.com/errata/RHSA-2018:2607

https://access.redhat.com/errata/RHSA-2018:2608

https://access.redhat.com/errata/RHSA-2018:2892

https://access.redhat.com/errata/RHSA-2018:3242

https://access.redhat.com/errata/RHSA-2018:3470

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

https://review.gluster.org/#/c/glusterfs/+/21067/

https://security.gentoo.org/glsa/201904-06

Details

Source: MITRE

Published: 2018-09-04

Updated: 2020-10-15

Type: CWE-502

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
133132openSUSE Security Update : glusterfs (openSUSE-2020-79)NessusSuSE Local Security Checks
high
127405NewStart CGSL MAIN 4.05 : glusterfs Vulnerability (NS-SA-2019-0141)NessusNewStart CGSL Local Security Checks
high
127261NewStart CGSL CORE 5.04 / MAIN 5.04 : glusterfs Vulnerability (NS-SA-2019-0064)NessusNewStart CGSL Local Security Checks
high
124890EulerOS Virtualization for ARM 64 3.0.1.0 : glusterfs (EulerOS-SA-2019-1387)NessusHuawei Local Security Checks
high
123878EulerOS Virtualization 2.5.4 : glusterfs (EulerOS-SA-2019-1192)NessusHuawei Local Security Checks
high
123580GLSA-201904-06 : GlusterFS: Multiple VulnerabilitiesNessusGentoo Local Security Checks
medium
121068Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)NessusJunos Local Security Checks
high
120672Fedora 29 : glusterfs (2018-a54270a213)NessusFedora Local Security Checks
high
120410Fedora 28 : glusterfs (2018-4e660226e7)NessusFedora Local Security Checks
high
119931EulerOS 2.0 SP3 : glusterfs (EulerOS-SA-2018-1442)NessusHuawei Local Security Checks
high
119930EulerOS 2.0 SP2 : glusterfs (EulerOS-SA-2018-1441)NessusHuawei Local Security Checks
high
119783Amazon Linux 2 : glusterfs (ALAS-2018-1128)NessusAmazon Linux Local Security Checks
high
119183Scientific Linux Security Update : glusterfs on SL7.x x86_64 (20181030)NessusScientific Linux Local Security Checks
high
119085Virtuozzo 6 : glusterfs / glusterfs-api / glusterfs-api-devel / etc (VZLSA-2018-2892)NessusVirtuozzo Local Security Checks
high
118982CentOS 7 : glusterfs (CESA-2018:2607)NessusCentOS Local Security Checks
high
118790RHEL 7 : Virtualization Manager (RHSA-2018:3470)NessusRed Hat Local Security Checks
medium
118779Oracle Linux 7 : glusterfs (ELSA-2018-3242)NessusOracle Linux Local Security Checks
high
118536RHEL 7 : glusterfs (RHSA-2018:3242)NessusRed Hat Local Security Checks
high
118056Scientific Linux Security Update : glusterfs on SL6.x x86_64 (20181009)NessusScientific Linux Local Security Checks
high
118029RHEL 6 : glusterfs (RHSA-2018:2892)NessusRed Hat Local Security Checks
high
118026Oracle Linux 6 : glusterfs (ELSA-2018-2892)NessusOracle Linux Local Security Checks
high
118021CentOS 6 : glusterfs (CESA-2018:2892)NessusCentOS Local Security Checks
high
117841Fedora 27 : glusterfs (2018-9a4d7ec61e)NessusFedora Local Security Checks
high
117618Debian DLA-1510-1 : glusterfs security updateNessusDebian Local Security Checks
high
117318RHEL 6 : Gluster Storage (RHSA-2018:2608) (deprecated)NessusRed Hat Local Security Checks
high
117317RHEL 7 : Gluster Storage (RHSA-2018:2607)NessusRed Hat Local Security Checks
high