The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.