CVE-2018-10911

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Glusterfs:
Vendor: CVE Published:; 4 September 2018

Summary

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

Affected Version(s)

glusterfs:

References

https://review.gluster.org/#/c/glusterfs/+/21067/

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:2607

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
May 9, 2018