A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html - Mailing List, Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2607 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2608 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2892 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3242 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3470 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 - Issue Tracking, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html - Mailing List, Third Party Advisory | |
References | () https://review.gluster.org/#/c/glusterfs/+/21067/ - Patch, Vendor Advisory | |
References | () https://security.gentoo.org/glsa/201904-06 - Third Party Advisory |
Information
Published : 2018-09-04 14:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-10911
Mitre link : CVE-2018-10911
CVE.ORG link : CVE-2018-10911
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_desktop
- virtualization_host
- enterprise_linux_workstation
gluster
- glusterfs
opensuse
- leap
debian
- debian_linux