CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26253 – Ubuntu Security Notice USN-5989-1
https://notcve.org/view.php?id=CVE-2023-26253
21 Feb 2023 — In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service. • https://github.com/gluster/glusterfs/issues/3954 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48340 – Ubuntu Security Notice USN-6507-1
https://notcve.org/view.php?id=CVE-2022-48340
21 Feb 2023 — In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. It was discovered that GlusterFS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GlusterFS to crash, resulting in a denial of service. • https://github.com/gluster/glusterfs/issues/3732 • CWE-416: Use After Free •