DEBIAN-CVE-2018-14660

DEBIAN-CVE-2018-14660 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	glusterfs	0, 0, 0
Debian:11	glusterfs	0, 0, 0
Debian:13	glusterfs	0, 0, 0
Debian:12	glusterfs	0, 0, 0

Timeline

Nov 1, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-14660 advisory

Open in Interactive Console →