Description
It was found that glusterfs server is vulnerable to multiple stack-based buffer overflows due to functions in server-rpc-fopc.c allocating fixed-size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
SUSE Security Advisories:
- openSUSE-SU-2020:0079-1, published Mon, 20 Jan 2020 06:11:03 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.1|| ||Patchnames: |
SUSE Timeline for this CVE
CVE page created: Thu Aug 23 13:45:26 2018
CVE page last modified: Wed Oct 26 21:19:09 2022