PT-2019-8803 · Apache · Apache Mesos
Publicado
2019-03-05
·
Atualizado
2019-03-07
·
CVE-2018-11793
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Mesos versions prior to 1.4.x
Apache Mesos versions 1.4.0 through 1.4.2
Apache Mesos versions 1.5.0 through 1.5.1
Apache Mesos versions 1.6.0 through 1.6.1
Apache Mesos version 1.7.0
Description
The issue arises when parsing a JSON payload with deeply nested JSON structures, causing the parser to overflow the stack due to unbounded recursion. This can lead to a denial of service, rendering the Mesos-controlled cluster inoperable. A malicious actor can exploit this to cause significant disruption.
Recommendations
For Apache Mesos versions prior to 1.4.x, update to version 1.4.x or later.
For Apache Mesos versions 1.4.0 through 1.4.2, update to version 1.4.3 or later.
For Apache Mesos versions 1.5.0 through 1.5.1, update to version 1.5.2 or later.
For Apache Mesos versions 1.6.0 through 1.6.1, update to version 1.6.2 or later.
For Apache Mesos version 1.7.0, update to version 1.7.1 or later.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Mesos