CVE-2018-10911

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10911
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10911.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10911
Related
Published
2018-09-04T14:29:00Z
Modified
2025-02-19T02:28:19.429231Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

References

Affected packages

Debian:11 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/gluster/glusterfs

Affected ranges

Type
GIT
Repo
https://github.com/gluster/glusterfs
Events
Introduced
c8c56b9a53471792a126f8e46f32ce7190eac10c
Fixed
fe5b6bc8522b3539a97765b243ad37ef227c05b6

Affected versions

v3.*

v3.12.0
v3.12.1
v3.12.10
v3.12.11
v3.12.12
v3.12.13
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9