CVE-2018-10924

It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch…

redhat·CWE-400·Published 2018-09-04

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

227 chars

It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.

NVDen

227 chars

NVDes

282 chars

Se ha descubierto que la llamada del sistema fsync(2) en el código del cliente glusterfs filtra memoria. Un atacante autenticado podría empelar este error para lanzar un ataque de denegación de servicio (DoS) haciendo que los clientes gluster consuman la memoria de la máquina host.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.0	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H