CVE-2018-14652 — MEDIUM (6.5)

Q: How severe is CVE-2018-14652?

CVE-2018-14652 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-14652?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Gluster Storage, Debian Debian Linux, Redhat Enterprise Virtualization Host, Redhat Enterprise Linux Server, Redhat Enterprise Linux Virtualization.

Vulnerability Description

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Gluster Storage	>= 3.0.0, <= 3.1.2
Debian	Debian Linux	8.0
Redhat	Enterprise Virtualization Host	4.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Virtualization	4.0

Related Weaknesses (CWE)

CWE-120 CWE-119

References

https://access.redhat.com/errata/RHSA-2018:3431Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3432Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3470Third Party AdvisoryVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652Issue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201904-06Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3431Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3432Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3470Third Party AdvisoryVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652Issue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201904-06Third Party Advisory

FAQ

What is CVE-2018-14652?

CVE-2018-14652 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' ...

How severe is CVE-2018-14652?

CVE-2018-14652 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14652?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Gluster Storage, Debian Debian Linux, Redhat Enterprise Virtualization Host, Redhat Enterprise Linux Server, Redhat Enterprise Linux Virtualization.