CVE-2018-14660
- Source
- https://cve.org/CVERecord?id=CVE-2018-14660
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14660.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14660
- Downstream
- Published
- 2018-11-01T14:29:00.313Z
- Modified
- 2026-05-08T15:57:53.839398Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GFMETALOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
- References
-
- https://access.redhat.com/errata/RHSA-2018:3431
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3470
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660
Affected packages
Git / github.com/gluster/glusterfs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gluster/glusterfs
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": [ "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "3.1.0" }, { "last_affected": "3.1.2" }, { "introduced": "4.1.0" }, { "last_affected": "4.1.4" }, { "introduced": "0" }, { "last_affected": "4.0" }, { "last_affected": "6.0" }, { "last_affected": "7.0" }, { "last_affected": "9.0" } ] }
Affected versions
branchpoint-3.*
branchpoint-3.2
v3.*
v3.1.0
v3.1.1
v3.1.1qa1
v3.1.1qa10
v3.1.1qa11
v3.1.1qa2
v3.1.1qa3
v3.1.1qa4
v3.1.1qa5
v3.1.1qa6
v3.1.1qa7
v3.1.1qa8
v3.1.1qa9
v3.1.2
v3.1.2gsyncqa4
v3.1.2gsyncqa5
v3.1.2gsyncqa6
v3.1.2qa1
v3.1.2qa2
v3.1.2qa3
v3.1.2qa4
v3.1.3qa1
v3.1.3qa2
v3.1.3qa3
v3.1.3qa4
v3.1.3qa5
v3.10dev
v3.11dev
v3.12dev
v3.2.0
v3.2.0qa10
v3.2.0qa11
v3.2.0qa12
v3.2.0qa13
v3.2.0qa14
v3.2.0qa15
v3.2.0qa16
v3.2.0qa4
v3.2.0qa5
v3.2.0qa6
v3.2.0qa7
v3.2.0qa8
v3.2.0qa9
v3.3.0beta3
v3.3.0qa1
v3.3.0qa10
v3.3.0qa11
v3.3.0qa12
v3.3.0qa13
v3.3.0qa14
v3.3.0qa15
v3.3.0qa16
v3.3.0qa17
v3.3.0qa18
v3.3.0qa19
v3.3.0qa2
v3.3.0qa20
v3.3.0qa21
v3.3.0qa22
v3.3.0qa23
v3.3.0qa24
v3.3.0qa26
v3.3.0qa27
v3.3.0qa28
v3.3.0qa29
v3.3.0qa3
v3.3.0qa30
v3.3.0qa31
v3.3.0qa32
v3.3.0qa33
v3.3.0qa34
v3.3.0qa35
v3.3.0qa36
v3.3.0qa37
v3.3.0qa38
v3.3.0qa39
v3.3.0qa4
v3.3.0qa5
v3.3.0qa6
v3.3.0qa7
v3.3.0qa8
v3.3.0qa9
v3.3beta2
v3.4.0alpha
v3.4.0qa3
v3.4.0qa4
v3.4.0qa5
v3.4.0qa6
v3.4.0qa7
v3.4.0qa8
v3.5.0qa1
v3.5qa2
v3.7dev
v3.8dev
v3.9dev
v4.*
v4.0dev
v4.0dev1
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1dev
v4.2dev
v6.*
v6.0
v6.0alpha
v6.0rc0
v6.0rc1
Other
v6dev
v7dev
v7.*
v7.0
v7.0alpha
v7.0rc0
v7.0rc1
v7.0rc2
v7.0rc3
v9.*
v9.0
v9.0alpha
v9.0rc0