CVE-2018-1330

Name of the Vulnerable Software and Affected Versions Apache Mesos versions 1.4.0 through 1.5.0

Description The issue arises when parsing a malformed JSON payload, which can cause libprocess in Apache Mesos to crash due to an uncaught exception. Additionally, parsing chunked HTTP requests with trailers can lead to a libprocess crash because of a mistakenly planted assertion. This can be exploited by a malicious actor to cause a denial of service, rendering the Mesos-controlled cluster inoperable.

Recommendations For Apache Mesos versions 1.4.0 through 1.5.0, update to a version that fixes the issue with parsing malformed JSON payloads and chunked HTTP requests to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.