{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a \"00000000\" fragment header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-04T18:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://review.gluster.org/#/c/8662/4"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138145"}, {"name": "MDVSA-2015:211", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:211"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0145.html"}, {"name": "openSUSE-SU-2015:0473", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html"}, {"name": "openSUSE-SU-2015:0528", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://review.gluster.org/#/c/8662/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138145"}, {"name": "MDVSA-2015:211", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:211"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0145.html"}, {"name": "openSUSE-SU-2015:0473", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html"}, {"name": "openSUSE-SU-2015:0528", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3619", "datePublished": "2015-03-27T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gluster:glusterfs:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "22D5621D-E919-4DAA-B97E-D4EE0827874F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a \"00000000\" fragment header."}, {"lang": "es", "value": "La funci\u00f3n __socket_proto_state_machine en GlusterFS 3.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una cabecera de fragmento '00000000'."}], "id": "CVE-2014-3619", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-27T14:59:01.493", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0145.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html"}, {"source": "secalert@redhat.com", "url": "http://review.gluster.org/#/c/8662/4"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:211"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0145.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://review.gluster.org/#/c/8662/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138145"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank qinghao tang (Qihoo 360 Technology) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:2:client:el5", "package": "glusterfs-0:3.6.0.42-1.el5", "product_name": "Native Client for RHEL 5 for Red Hat Storage", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:client:el6", "package": "glusterfs-0:3.6.0.42-1.el6", "product_name": "Native Client for RHEL 6 for Red Hat Storage", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0040", "cpe": "cpe:/a:redhat:rhel_common:7::el7", "package": "glusterfs-0:3.6.0.42-1.el7", "product_name": "Red Hat Common for RHEL 7", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "glusterfs-0:3.6.0.42-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "gluster-nagios-addons-0:0.1.14-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "gluster-nagios-common-0:0.1.4-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "gstatus-0:0.62-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "openstack-swift-0:1.13.1-2.el6ost", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "openstack-swift-plugin-swift3-0:1.7-3.el6ost", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "python-paste-deploy-0:1.5.0-10.el6ost", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "python-swiftclient-0:2.1.0-2.el6ost", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "redhat-storage-server-0:3.0.3.4-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "samba-0:3.6.509-169.4.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "swiftonfile-0:1.13.1-2.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}, {"advisory": "RHBA-2015:0038", "cpe": "cpe:/a:redhat:storage:3:nagios:el6", "package": "vdsm-0:4.14.7.3-1.el6rhs", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2015-01-15T00:00:00Z"}], "bugzilla": {"description": "glusterfs: fragment header infinite loop DoS", "id": "1138145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138145"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-835", "details": ["The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a \"00000000\" fragment header.", "A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop."], "name": "CVE-2014-3619", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "package_name": "glusterfs", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-09-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3619\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3619"], "statement": "Red Hat Storage 2.1 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Support Matrix:\nhttps://access.redhat.com/support/policy/updates/rhs", "threat_severity": "Moderate"}