CVE-2018-14653 in Red Hat and Debian Products
Published on October 31, 2018
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2018-14653
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-14653 are published in these products:
Affected Versions
The Gluster Project glusterfs Version through 3.12 and 4.1.4 is affected by CVE-2018-14653Exploit Probability
EPSS
1.60%
Percentile
81.41%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.