CVE-2018-10927

A flaw was found in RPC requests using gfs3_lookup_req in the glusterfs server. An authenticated attacker could use this flaw to leak information and cause a remote denial of service by crashing the gluster brick process.

Published : 2018-09-04 15:29 Updated : 2019-10-03 00:03

CVSS Score: 5.5 / 10
Vendor Product Version URI
Gluster Glusterfs 3.12.0 cpe:/a:gluster:glusterfs:3.12.0:-
Gluster Glusterfs 3.12.0 cpe:/a:gluster:glusterfs:3.12.0:alpha1
Gluster Glusterfs 3.12.0 cpe:/a:gluster:glusterfs:3.12.0:rc0
Gluster Glusterfs 3.12.1 cpe:/a:gluster:glusterfs:3.12.1
Gluster Glusterfs 3.12.2 cpe:/a:gluster:glusterfs:3.12.2
Gluster Glusterfs 3.12.3 cpe:/a:gluster:glusterfs:3.12.3
Gluster Glusterfs 3.12.4 cpe:/a:gluster:glusterfs:3.12.4
Gluster Glusterfs 3.12.5 cpe:/a:gluster:glusterfs:3.12.5
Gluster Glusterfs 3.12.6 cpe:/a:gluster:glusterfs:3.12.6
Gluster Glusterfs 3.12.7 cpe:/a:gluster:glusterfs:3.12.7
Gluster Glusterfs 3.12.8 cpe:/a:gluster:glusterfs:3.12.8
Gluster Glusterfs 3.12.9 cpe:/a:gluster:glusterfs:3.12.9
Gluster Glusterfs 3.12.10 cpe:/a:gluster:glusterfs:3.12.10
Gluster Glusterfs 3.12.11 cpe:/a:gluster:glusterfs:3.12.11
Gluster Glusterfs 3.12.12 cpe:/a:gluster:glusterfs:3.12.12
Gluster Glusterfs 3.12.13 cpe:/a:gluster:glusterfs:3.12.13
Gluster Glusterfs 4.1.0 cpe:/a:gluster:glusterfs:4.1.0:-
Gluster Glusterfs 4.1.0 cpe:/a:gluster:glusterfs:4.1.0:alpha
Gluster Glusterfs 4.1.0 cpe:/a:gluster:glusterfs:4.1.0:rc0
Gluster Glusterfs 4.1.1 cpe:/a:gluster:glusterfs:4.1.1
Gluster Glusterfs 4.1.2 cpe:/a:gluster:glusterfs:4.1.2
Gluster Glusterfs 4.1.3 cpe:/a:gluster:glusterfs:4.1.3
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Virtualization Host 4.0 cpe:/a:redhat:virtualization_host:4.0
Redhat Virtualization 4.0 cpe:/o:redhat:virtualization:4.0
  1. Debian (1)
    1. Debian Linux (1)
      1. 8.0
  2. Gluster (1)
    1. Glusterfs (18)
      1. 3.12.0
      2. 3.12.1
      3. 3.12.2
      4. 3.12.3
      5. 3.12.4
      6. 3.12.5
      7. 3.12.6
      8. 3.12.7
      9. 3.12.8
      10. 3.12.9
      11. 3.12.10
      12. 3.12.11
      13. 3.12.12
      14. 3.12.13
      15. 4.1.0
      16. 4.1.1
      17. 4.1.2
      18. 4.1.3
  3. Redhat (3)
    1. Virtualization (1)
      1. 4.0
    2. Enterprise Linux Server (2)
      1. 6.0
      2. 7.0
    3. Virtualization Host (1)
      1. 4.0

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-10-03 00:03
2019-03-21 15:52
2018-11-06 11:29
2018-10-23 13:05
2018-09-21 10:29
2018-09-05 10:29
2018-09-04 15:29 New CVE