View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-10907 severity important: SUSE including 9 source package names (glusterfs-3.12.15-lp151.3.3.1, glusterfs-devel-3.12.15-lp151.3.3.1, …), 9 product×package rows across 1 product lines (openSUSE Leap 15.1): Fixed 9.
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.