Note:
This project will be discontinued after December 13, 2021. [more]
2018-09-04
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
| Products | Glusterfs |
| Type | Uncontrolled Resource Consumption (CWE-400) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://review.gluster.org/#/c/glusterfs/+/20723/
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10924 • https://security.gentoo.org/glsa/201904-06 |