High severity8.8NVD Advisory· Published Sep 4, 2018· Updated Jun 17, 2026
CVE-2018-10907
CVE-2018-10907
Description
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Red Hat/glusterfsv5Range: n/a
Patches
Vulnerability mechanics
References
9- review.gluster.orgnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.htmlnvdMailing ListThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2607nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2608nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3470nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingMitigationThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00021.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201904-06nvdThird Party Advisory
News mentions
0No linked articles in our index yet.