
Amar Tumballi

Researcher from Red Hat
#17108 of 53,633
15.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-10174
8.8
2018-09-04
Red Hat · Glusterfs · CVE-2018-10907
**Name of the Vulnerable Software and Affected Versions** glusterfs (affected versions not specified)

**Description** The issue is related to multiple stack-based buffer overflows in the glusterfs server. This is due to functions in server-rpc-fopc.c allocating fixed-size buffers using `alloca(3)`. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size, potentially causing a crash or code execution.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2018-10186
6.8
2018-09-04
Red Hat · Glusterfs · CVE-2018-10924
**Name of the Vulnerable Software and Affected Versions** glusterfs (affected versions not specified)

**Description** A memory leak was discovered in the fsync(2) system call within the glusterfs client code. This issue could be exploited by an authenticated attacker to launch a denial of service attack, causing gluster clients to consume the host machine's memory.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.