CVE-2018-14659

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-14659
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14659.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-14659
Downstream
Published
2018-10-31T19:29:00.627Z
Modified
2026-03-20T11:23:27.589421Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

References

Affected packages

Git / github.com/gluster/glusterfs

Affected ranges

Type
GIT
Repo
https://github.com/gluster/glusterfs
Events
Introduced
8379edd97876a85fe1231b7cc8d4cc40f962c5cc
Last affected
f2a067c4fe92f7aefc5f64ea1e5b000c16af0946
Introduced
b4f4480094b7c3ebda3319df0c3f96efd08b2176
Last affected
deafd5a4f8440fa2a6f54595722e6fd1d4b6ed55
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2e1e4168ab6b6b3ebe9e3dfb227fb7631e5c1aa4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c6d4289dad6622e311c312b609a52106909f7d74
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3fadf5cc41d5ea3195d2228d23e890f27fc22f87
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a92e9e8e8ae6b97db8e0c1fb8268aef734ab48b4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4a85a221c92f422dedde62832e6cd6e66cae2722
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4a85a221c92f422dedde62832e6cd6e66cae2722
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.1.2"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        }
    ]
}

Affected versions

v3.*
v3.0.0
v3.0.1rc1
v3.0.1rc2
v3.0.1rc3
v3.0.1rc4
v3.0.1rc5
v3.1.0
v3.1.0alpha
v3.1.0beta
v3.1.0prealpha1
v3.1.0prealpha2
v3.1.0prealpha3
v3.1.0prealpha4
v3.1.0qa10
v3.1.0qa11
v3.1.0qa12
v3.1.0qa13
v3.1.0qa14
v3.1.0qa15
v3.1.0qa16
v3.1.0qa17
v3.1.0qa18
v3.1.0qa19
v3.1.0qa2
v3.1.0qa20
v3.1.0qa21
v3.1.0qa22
v3.1.0qa23
v3.1.0qa24
v3.1.0qa25
v3.1.0qa26
v3.1.0qa27
v3.1.0qa28
v3.1.0qa29
v3.1.0qa3
v3.1.0qa30
v3.1.0qa31
v3.1.0qa32
v3.1.0qa33
v3.1.0qa34
v3.1.0qa35
v3.1.0qa36
v3.1.0qa37
v3.1.0qa38
v3.1.0qa39
v3.1.0qa4
v3.1.0qa40
v3.1.0qa41
v3.1.0qa42
v3.1.0qa43
v3.1.0qa44
v3.1.0qa45
v3.1.0qa46
v3.1.0qa5
v3.1.0qa6
v3.1.0qa7
v3.1.0qa8
v3.1.0qa9
v3.1.1
v3.1.1qa1
v3.1.1qa10
v3.1.1qa11
v3.1.1qa2
v3.1.1qa3
v3.1.1qa4
v3.1.1qa5
v3.1.1qa6
v3.1.1qa7
v3.1.1qa8
v3.1.1qa9
v3.1.2
v3.1.2qa1
v3.1.2qa2
v3.1.2qa3
v3.1.2qa4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14659.json"