PT-2019-8803 · Apache · Apache Mesos
Published
2019-03-05
·
Updated
2019-03-07
·
CVE-2018-11793
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Mesos versions prior to 1.4.x
Apache Mesos versions 1.4.0 through 1.4.2
Apache Mesos versions 1.5.0 through 1.5.1
Apache Mesos versions 1.6.0 through 1.6.1
Apache Mesos version 1.7.0
Description
The issue arises when parsing a JSON payload with deeply nested JSON structures, causing the parser to overflow the stack due to unbounded recursion. This can lead to a denial of service, rendering the Mesos-controlled cluster inoperable. A malicious actor can exploit this to cause significant disruption.
Recommendations
For Apache Mesos versions prior to 1.4.x, update to version 1.4.x or later.
For Apache Mesos versions 1.4.0 through 1.4.2, update to version 1.4.3 or later.
For Apache Mesos versions 1.5.0 through 1.5.1, update to version 1.5.2 or later.
For Apache Mesos versions 1.6.0 through 1.6.1, update to version 1.6.2 or later.
For Apache Mesos version 1.7.0, update to version 1.7.1 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Mesos