Vulnerability Description
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Minio | Minio | < 2018-05-16t23-35-33z |
Related Weaknesses (CWE)
References
- https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#dPatchThird Party Advisory
- https://github.com/minio/minio/pull/5957Issue TrackingThird Party Advisory
- https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#dPatchThird Party Advisory
- https://github.com/minio/minio/pull/5957Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-1000538?
CVE-2018-1000538 is a vulnerability with a CVSS score of 7.5 (HIGH). Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result...
How severe is CVE-2018-1000538?
CVE-2018-1000538 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000538?
Check the references section above for vendor advisories and patch information. Affected products include: Minio Minio.