PT-2018-2215 · Red Hat+4 · Glusterfs+5
Michael Hanselmann
+1
Published: 2018-09-04
Updated: 2022-04-22
CVE-2018-10911
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GlusterFS (affected versions not specified)
Description
The issue is in the dict_unserialize function of the GlusterFS file system, which incorrectly handles negative key length values. A remote attacker can exploit this to access protected information: the flaw allows the attacker to read memory from other locations into the stored dict value.
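The length check that this class of bug calls for, as an added example (not GlusterFS code and not part of the original advisory). The wire layout, the function names `read_be32` and `dict_buf_validate`, and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed layout (an assumption for this example): int32 count, then per
 * pair: int32 key_len, int32 val_len, key bytes + NUL, value bytes; big-endian. */
static int32_t read_be32(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int32_t)v; /* values >= 0x80000000 come out negative */
}

/* Returns the number of pairs validated, or -1 if any length field is
 * negative or would reach past the end of the buffer. */
int dict_buf_validate(const unsigned char *buf, size_t size)
{
    if (size < 4)
        return -1;
    int32_t count = read_be32(buf);
    size_t off = 4;
    if (count < 0)
        return -1;
    for (int32_t i = 0; i < count; i++) {
        if (size - off < 8)
            return -1;
        int32_t key_len = read_be32(buf + off);
        int32_t val_len = read_be32(buf + off + 4);
        off += 8;
        /* Reject negative lengths before they are used in pointer math. */
        if (key_len < 0 || val_len < 0)
            return -1;
        /* Compare against the bytes remaining, in size_t, so the sum cannot wrap. */
        size_t need = (size_t)key_len + 1 + (size_t)val_len;
        if (need > size - off)
            return -1;
        if (buf[off + (size_t)key_len] != '\0')
            return -1;
        off += need;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: one pair whose key_len field encodes -16. */
    const unsigned char neg[] = {0,0,0,1, 0xff,0xff,0xff,0xf0, 0,0,0,2, 'k',0,'v','v'};
    printf("%d\n", dict_buf_validate(neg, sizeof neg));
    return 0;
}
```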
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Integer Overflow
Deserialization of Untrusted Data
Affected products
Alt Linux
Centos
Glusterfs
Red Hat
Suse
Ubuntu