gluster glusterfs CVE-2018-10907 vulnerability in Gluster and Other Products
Published on September 4, 2018

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.


Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2018-10907 has been classified as a Stack Overflow vulnerability or weakness.
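The pattern named in the description, a fixed-size `alloca(3)` buffer filled from a client-supplied string, is shown below next to a length-checked form. This is an added illustration, not glusterfs code: the function names, the `NAME_BUF` size and the return codes are assumptions made for the example.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed fixed buffer size, chosen for this example */
enum { NAME_OK = 0, NAME_UNTERMINATED = -1, NAME_TOO_LONG = -2 };

/* Weak form: the buffer size is fixed, but the copy length is set by the
 * sender. Any string of NAME_BUF or more characters writes past the buffer
 * into the rest of the stack frame. */
size_t handle_name_unchecked(const char *wire)
{
    char *buf = alloca(NAME_BUF);
    strcpy(buf, wire);
    return strlen(buf);
}

/* Hardened form: find the terminator inside the bytes actually received,
 * reject names that do not fit, and only then copy. */
int handle_name_checked(const char *wire, size_t wire_len, size_t *out_len)
{
    const char *nul = wire ? memchr(wire, '\0', wire_len) : NULL;
    if (nul == NULL)
        return NAME_UNTERMINATED;
    size_t n = (size_t)(nul - wire);
    if (n >= NAME_BUF)
        return NAME_TOO_LONG;
    char buf[NAME_BUF];
    memcpy(buf, wire, n + 1); /* n + 1 <= NAME_BUF, terminator included */
    *out_len = strlen(buf);
    return NAME_OK;
}

int main(void)
{
    char oversized[4 * NAME_BUF]; /* constructed input, longer than the buffer */
    size_t len = 0;
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short name: %d\n", handle_name_checked("vol0", 5, &len));
    printf("oversized:  %d\n", handle_name_checked(oversized, sizeof oversized, &len));
    return 0;
}
```

The unchecked form behaves correctly on every short input, which is why this class of bug tends to survive ordinary functional testing.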



Affected Versions

Red Hat glusterfs Version n/a is affected by CVE-2018-10907

Exploit Probability

EPSS: 2.17%
Percentile: 84.06%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.