Candidate: CVE-2014-3619
PublicDate: 2015-03-27 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3619
 http://review.gluster.org/#/c/8848/
 https://bugzilla.redhat.com/show_bug.cgi?id=1136712
Description:
 The __socket_proto_state_machine function in GlusterFS 3.5 allows remote
 attackers to cause a denial of service (infinite loop) via a "00000000"
 fragment header.
Ubuntu-Description:
 It was discovered that GlusterFS incorrectly handled network requests. An
 attacker could possibly use this issue to cause a denial of service.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_glusterfs:
 upstream: http://review.gluster.org/#/c/8848/2/rpc/rpc-transport/socket/src/socket.c,unified
upstream_glusterfs: needed
lucid_glusterfs: ignored (reached end-of-life)
precise_glusterfs: ignored (reached end-of-life)
precise/esm_glusterfs: DNE (precise was needed)
trusty_glusterfs: ignored (out of standard support)
trusty/esm_glusterfs: needed
utopic_glusterfs: ignored (reached end-of-life)
vivid_glusterfs: not-affected (3.5.2-2ubuntu1)
vivid/stable-phone-overlay_glusterfs: DNE
vivid/ubuntu-core_glusterfs: DNE
wily_glusterfs: not-affected (3.5.2-2ubuntu1)
xenial_glusterfs: not-affected (3.5.2-2ubuntu1)
yakkety_glusterfs: not-affected (3.5.2-2ubuntu1)
zesty_glusterfs: not-affected (3.5.2-2ubuntu1)
artful_glusterfs: not-affected (3.5.2-2ubuntu1)
bionic_glusterfs: not-affected (3.5.2-2ubuntu1)
cosmic_glusterfs: not-affected (3.5.2-2ubuntu1)
disco_glusterfs: not-affected (3.5.2-2ubuntu1)
eoan_glusterfs: not-affected (3.5.2-2ubuntu1)
focal_glusterfs: not-affected (3.5.2-2ubuntu1)
groovy_glusterfs: not-affected (3.5.2-2ubuntu1)
hirsute_glusterfs: not-affected (3.5.2-2ubuntu1)
impish_glusterfs: not-affected (3.5.2-2ubuntu1)
jammy_glusterfs: not-affected (3.5.2-2ubuntu1)
devel_glusterfs: not-affected (3.5.2-2ubuntu1)