CVE-2018-10907 -- glusterfs
ID: oval:org.secpod.oval:def:2000769 | Date: (C)2019-05-30 (M)2023-12-20
Class: VULNERABILITY | Family: unix
It was found that the glusterfs server is vulnerable to multiple stack-based buffer overflows due to functions in server-rpc-fopc.c allocating fixed-size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.
Platform:
Debian 8.x
Debian 9.x