CVE-2018-1000538
HIGH
Minio S3 server < RELEASE.2018-05-16T23-35-33Z - Denial of Service
Title source: llm
Description
Minio Inc. Minio S3 server versions prior to RELEASE.2018-05-16T23-35-33Z contain an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable by sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/minio/minio/pull/5957
Scores
CVSS v3: 7.5
EPSS: 0.0040
EPSS Percentile: 60.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-774
Status: published
Products (1): minio/minio < 2018-05-16t23-35-33z
Published: Jun 26, 2018
Tracked Since: Feb 18, 2026