Denial of Service Vulnerability in Apache Mesos by Malicious JSON Payload
CVE-2018-1330
7.5 HIGH
Summary
Certain versions of Apache Mesos are susceptible to a vulnerability in libprocess that may be exploited when parsing malformed JSON payloads or chunked HTTP requests. An attacker can trigger an uncaught exception, causing a crash in the libprocess component. This can lead to denial of service for Mesos masters, disrupting the functionality of clusters managed by Mesos. Ensuring proper input validation and updating to patched versions can mitigate this risk.
Affected Version(s)
Apache Mesos 1.4.0 to 1.5.0
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved