CVE-2018-10924
MEDIUMglusterfs 3.12.11-3.12.13 - Authenticated Denial of Service via fsync Memory Leak
Title source: llmDescription
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924
Patch, Vendor Advisory x_refsource_confirm
https://review.gluster.org/#/c/glusterfs/+/20723/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201904-06
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
Scores
CVSS v3
5.3
EPSS
0.0188
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-772
CWE-400
Status
published
Products (1)
gluster/glusterfs
3.12.11 - 3.12.14
Published
Sep 04, 2018
Tracked Since
Feb 18, 2026