{"id":"CVE-2018-14652","details":"The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.","modified":"2026-03-12T22:45:53.210170Z","published":"2018-10-31T19:29:00.487Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3431"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3432"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3470"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201904-06"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.0.0"},{"last_affected":"3.1.2"}]},{"events":[{"introduced":"4.1.0"},{"last_affected":"4.1.8"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14652.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}