CVE-2018-14659
- Source
- https://cve.org/CVERecord?id=CVE-2018-14659
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14659.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14659
- Downstream
- Published
- 2018-10-31T19:29:00.627Z
- Modified
- 2026-05-08T15:57:52.098740Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
- References
-
- https://access.redhat.com/errata/RHSA-2018:3431
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3470
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659
Affected packages
Git / github.com/gluster/glusterfs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gluster/glusterfs
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": [ "cpe:2.3:a:redhat:gluster_file_system:*:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "3.0.0" }, { "last_affected": "3.1.2" }, { "introduced": "4.1.0" }, { "last_affected": "4.1.4" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "last_affected": "9.0" }, { "last_affected": "6.0" }, { "last_affected": "7.0" }, { "last_affected": "4.0" } ] }
Affected versions
branchpoint-3.*
branchpoint-3.2
v3.*
v3.0.0
v3.0.1rc1
v3.0.1rc2
v3.0.1rc3
v3.0.1rc4
v3.0.1rc5
v3.1.0
v3.1.0alpha
v3.1.0beta
v3.1.0prealpha1
v3.1.0prealpha2
v3.1.0prealpha3
v3.1.0prealpha4
v3.1.0qa10
v3.1.0qa11
v3.1.0qa12
v3.1.0qa13
v3.1.0qa14
v3.1.0qa15
v3.1.0qa16
v3.1.0qa17
v3.1.0qa18
v3.1.0qa19
v3.1.0qa2
v3.1.0qa20
v3.1.0qa21
v3.1.0qa22
v3.1.0qa23
v3.1.0qa24
v3.1.0qa25
v3.1.0qa26
v3.1.0qa27
v3.1.0qa28
v3.1.0qa29
v3.1.0qa3
v3.1.0qa30
v3.1.0qa31
v3.1.0qa32
v3.1.0qa33
v3.1.0qa34
v3.1.0qa35
v3.1.0qa36
v3.1.0qa37
v3.1.0qa38
v3.1.0qa39
v3.1.0qa4
v3.1.0qa40
v3.1.0qa41
v3.1.0qa42
v3.1.0qa43
v3.1.0qa44
v3.1.0qa45
v3.1.0qa46
v3.1.0qa5
v3.1.0qa6
v3.1.0qa7
v3.1.0qa8
v3.1.0qa9
v3.1.1
v3.1.1qa1
v3.1.1qa10
v3.1.1qa11
v3.1.1qa2
v3.1.1qa3
v3.1.1qa4
v3.1.1qa5
v3.1.1qa6
v3.1.1qa7
v3.1.1qa8
v3.1.1qa9
v3.1.2
v3.1.2gsyncqa4
v3.1.2gsyncqa5
v3.1.2gsyncqa6
v3.1.2qa1
v3.1.2qa2
v3.1.2qa3
v3.1.2qa4
v3.1.3qa1
v3.1.3qa2
v3.1.3qa3
v3.1.3qa4
v3.1.3qa5
v3.10dev
v3.11dev
v3.12dev
v3.2.0
v3.2.0qa10
v3.2.0qa11
v3.2.0qa12
v3.2.0qa13
v3.2.0qa14
v3.2.0qa15
v3.2.0qa16
v3.2.0qa4
v3.2.0qa5
v3.2.0qa6
v3.2.0qa7
v3.2.0qa8
v3.2.0qa9
v3.3.0beta3
v3.3.0qa1
v3.3.0qa10
v3.3.0qa11
v3.3.0qa12
v3.3.0qa13
v3.3.0qa14
v3.3.0qa15
v3.3.0qa16
v3.3.0qa17
v3.3.0qa18
v3.3.0qa19
v3.3.0qa2
v3.3.0qa20
v3.3.0qa21
v3.3.0qa22
v3.3.0qa23
v3.3.0qa24
v3.3.0qa26
v3.3.0qa27
v3.3.0qa28
v3.3.0qa29
v3.3.0qa3
v3.3.0qa30
v3.3.0qa31
v3.3.0qa32
v3.3.0qa33
v3.3.0qa34
v3.3.0qa35
v3.3.0qa36
v3.3.0qa37
v3.3.0qa38
v3.3.0qa39
v3.3.0qa4
v3.3.0qa5
v3.3.0qa6
v3.3.0qa7
v3.3.0qa8
v3.3.0qa9
v3.3beta2
v3.4.0alpha
v3.4.0qa3
v3.4.0qa4
v3.4.0qa5
v3.4.0qa6
v3.4.0qa7
v3.4.0qa8
v3.5.0qa1
v3.5qa2
v3.7dev
v3.8dev
v3.9dev
v4.*
v4.0dev
v4.0dev1
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1dev
v4.2dev
v6.*
v6.0
v6.0alpha
v6.0rc0
v6.0rc1
Other
v6dev
v7dev
v8dev
v9dev
v7.*
v7.0
v7.0alpha
v7.0rc0
v7.0rc1
v7.0rc2
v7.0rc3
v8.*
v8.0
v8.0alpha
v8.0rc0
v9.*
v9.0
v9.0alpha
v9.0rc0