PT-2018-2215 · Red Hat+4 · Glusterfs+5
Michael Hanselmann +1 · Published 2018-09-04 · Updated 2022-04-22
CVE-2018-10911
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GlusterFS (affected versions not specified)
Description
The dict unserialize function in the GlusterFS file system incorrectly handles negative key length values. A remote attacker can exploit this to access protected information: the flaw allows memory from other locations to be read into the stored dict value.
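The class of check the description points to, as an added example that is not GlusterFS code and not part of this advisory: a length-prefixed key/value parser that rejects negative lengths before doing any pointer arithmetic, next to a signed-only bound that lets them through. The record layout, the struct and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record layout (an assumption, not the GlusterFS wire format):
 * [int32 keylen][int32 vallen][key bytes][value bytes], big-endian lengths. */
struct pair { const uint8_t *key; size_t keylen; const uint8_t *val; size_t vallen; };

static int32_t read_be32(const uint8_t *p) {
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    int32_t s;
    memcpy(&s, &u, sizeof s);   /* reinterpret the bits as a signed length */
    return s;
}

/* Weak bound: an upper-limit comparison only. A negative length is below the
 * limit, so it passes, and advancing a cursor by it would move backwards. */
static int weak_len_ok(int32_t len, size_t remaining) {
    return (int64_t)len <= (int64_t)remaining;
}

/* Hardened parse: reject negative lengths first, then bound each length
 * against the bytes actually left in the buffer. Returns 0 or -1. */
static int parse_pair(const uint8_t *buf, size_t size, struct pair *out) {
    if (buf == NULL || out == NULL || size < 8) return -1;
    int32_t keylen = read_be32(buf);
    int32_t vallen = read_be32(buf + 4);
    if (keylen < 0 || vallen < 0) return -1;
    size_t remaining = size - 8;
    if ((size_t)keylen > remaining) return -1;
    if ((size_t)vallen > remaining - (size_t)keylen) return -1;
    out->key = buf + 8;
    out->keylen = (size_t)keylen;
    out->val = out->key + keylen;
    out->vallen = (size_t)vallen;
    return 0;
}

int main(void) {
    /* Constructed input: keylen field encodes -16, vallen is 4. */
    const uint8_t neg[] = {0xff,0xff,0xff,0xf0, 0,0,0,4, 'k','v','v','v','v'};
    struct pair p;
    printf("weak check accepts: %d\n", weak_len_ok(read_be32(neg), sizeof neg - 8));
    printf("hardened parse:     %d\n", parse_pair(neg, sizeof neg, &p));
    return 0;
}
```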
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Integer Overflow
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Alt Linux
Centos
Glusterfs
Red Hat
Suse
Ubuntu