Security Advisory

CVE-2018-14659

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-10-31 19:00:00

Last updated 2024-08-05 09:38:13

Assigner redhat

State PUBLISHED

Description

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the GF_XATTR_IOSTATS_DUMP_KEY xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling setxattr(2) to trigger a state dump and create an arbitrary number of files in the servers runtime directory.

← Browse all CVEs View on cve.org ↗