Denial of Service Vulnerability in GlusterFS by Red Hat
CVE-2018-10914
5.5MEDIUM
Summary
An attacker can exploit a flaw in GlusterFS through a malicious xattr request issued via FUSE, leading to the crash of the Gluster brick process. If multiplexing is enabled, this exploit can extend the impact, causing multiple bricks and volumes to go down simultaneously, resulting in significant service outages for users.
Affected Version(s)
glusterfs
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved