CVE-2018-10929

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-10929
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10929.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-10929
Downstream
Related
Published
2018-09-04T16:29:00.223Z
Modified
2026-05-28T04:03:56.163933924Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "vendor_product": "opensuse:leap"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux_server"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "4.0"
                }
            ],
            "vendor_product": "redhat:virtualization_host"
        }
    ]
}
References

Affected packages

Git / github.com/gluster/glusterfs

Affected ranges

Type
GIT
Repo
https://github.com/gluster/glusterfs
Events
Introduced
7a9d6aa5999a71e29c5fa47a0ea7105c6494123a
Fixed
fe5b6bc8522b3539a97765b243ad37ef227c05b6
Introduced
93f21655e1584c7369aa74f3072de0dc1a3e8119
Fixed
5c2548456424b99d41fff2a7468660ba7c0da0aa
Database specific 
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.12"
        },
        {
            "fixed": "3.12.14"
        },
        {
            "introduced": "4.1"
        },
        {
            "fixed": "4.1.8"
        }
    ]
}

Affected versions

v3.*
v3.12.0
v3.12.0alpha1
v3.12.0rc0
v3.12.1
v3.12.10
v3.12.11
v3.12.12
v3.12.13
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9
v3.12dev
v4.*
v4.0dev
v4.1.0
v4.1.0alpha
v4.1.0rc0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1dev
v4.2dev

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10929.json"