DEBIAN-CVE-2023-26253

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-26253
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-26253.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-26253
Upstream
Published
2023-02-21T02:15:10.367Z
Modified
2025-11-20T10:17:34.321544Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.

References

Affected packages

Debian:11 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.2-1
9.3-1
9.3-2
9.4-1
9.4-2~bpo11+1
9.4-2

10.*

10.0-1
10.0-1.1
10.0-1.2
10.0-1.3
10.0-2
10.1-1
10.1-2
10.1-3~bpo11+1
10.1-3
10.1-4
10.2-1
10.2-2
10.3-1
10.3-2
10.3-3
10.3-4
10.3-5
10.4-1

11.*

11.0-1
11.0-2
11.0-3
11.1-1
11.1-2
11.1-3~bpo12+1
11.1-3
11.1-4
11.1-5
11.1-6

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-26253.json"

Debian:12 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.3-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-26253.json"

Debian:13 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.3-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-26253.json"

Debian:14 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.3-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-26253.json"