It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glusterfs | < 4.0.1-1 | glusterfs_4.0.1-1_all.deb |
Debian | 11 | all | glusterfs | < 4.0.1-1 | glusterfs_4.0.1-1_all.deb |
Debian | 10 | all | glusterfs | < 4.0.1-1 | glusterfs_4.0.1-1_all.deb |
Debian | 999 | all | glusterfs | < 4.0.1-1 | glusterfs_4.0.1-1_all.deb |
Debian | 13 | all | glusterfs | < 4.0.1-1 | glusterfs_4.0.1-1_all.deb |