{
  "threat_severity" : "Moderate",
  "public_date" : "2018-09-04T05:30:00Z",
  "bugzilla" : {
    "description" : "glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client",
    "id" : "1611785",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1611785"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.", "It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine." ],
  "statement" : "This issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7, and Red Hat Gluster Storage 3.",
  "acknowledgement" : "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "glusterfs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "glusterfs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "glusterfs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "glusterfs",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "glusterfs",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-10924\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10924" ],
  "name" : "CVE-2018-10924",
  "csaw" : false
}