VYPR

Glusterfs

by Gluster

CVEs (25)

  • CVE-2018-14653 (Oct 31, 2018)
    risk 0.00 cvss epss 0.03

    The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential…

  • CVE-2018-14659 (Oct 31, 2018)
    risk 0.00 cvss epss 0.02

    The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger…

  • CVE-2014-3619 (Mar 27, 2015)
    risk 0.00 cvss epss 0.03

    The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

  • CVE-2012-5635 (Apr 9, 2013)
    risk 0.00 cvss epss 0.00

    The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and…

  • CVE-2012-4417 (Nov 18, 2012)
    risk 0.00 cvss epss 0.00

    GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
