Description
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| glusterfs | fixed | 3.6.2-1 | experimental | package |
| glusterfs | fixed | 3.5.2-2 | | package |
| glusterfs | not-affected | | wheezy | package |
| glusterfs | not-affected | | squeeze | package |
Notes
http://review.gluster.org/#/c/8848/ (3.5)
http://review.gluster.org/#/c/8662/4 (master)
GlusterFS after version 3.2 got changes in the RPC handling which seem to
introduce the vulnerability. With 3.2.x the issue is not reproducible.