ID

VAR-201806-0819


CVE

CVE-2018-1000538


TITLE

Minio Inc. Minio S3 server vulnerability in unrestricted file descriptor or handle allocation

Trust: 0.8

sources: JVNDB: JVNDB-2018-006998

DESCRIPTION

Minio Inc. Minio S3 server versions prior to RELEASE.2018-05-16T23-35-33Z contain an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable via sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.

Trust: 1.62

sources: NVD: CVE-2018-1000538 // JVNDB: JVNDB-2018-006998

AFFECTED PRODUCTS

vendor: minio, model: minio, scope: lt, version: 2018-05-16t23-35-33z

Trust: 1.0

vendor: minio, model: minio, scope: eq, version: release.2018-05-16t23-35-33z

Trust: 0.8

vendor: minio, model: minio, scope: eq, version: 2018-03-19t19-22-06z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-04-04t05-20-54z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-04-12t23-41-09z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-04-19t22-54-58z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-05-10t00-00-42z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-03-30t00-38-44z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-03-28t23-45-53z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-05-11t00-29-24z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-04-27t23-33-52z

Trust: 0.6

vendor: minio, model: minio, scope: eq, version: 2018-05-04t23-13-12z

Trust: 0.6

sources: JVNDB: JVNDB-2018-006998 // NVD: CVE-2018-1000538 // CNNVD: CNNVD-201806-1260

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-1000538
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201806-1260
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2018-1000538
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2018-1000538
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-006998 // NVD: CVE-2018-1000538 // CNNVD: CNNVD-201806-1260

PROBLEMTYPE DATA

problemtype: CWE-774

Trust: 1.8

sources: JVNDB: JVNDB-2018-006998 // NVD: CVE-2018-1000538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1260

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201806-1260

CONFIGURATIONS

sources: NVD: CVE-2018-1000538

PATCH

title: security: fix write-to-RAM DoS vulnerability (#5957)
url: https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bl220

Trust: 0.8

title: Minio S3 server Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81537

Trust: 0.6

sources: JVNDB: JVNDB-2018-006998 // CNNVD: CNNVD-201806-1260

EXTERNAL IDS

db: NVD, id: CVE-2018-1000538

Trust: 2.4

db: JVNDB, id: JVNDB-2018-006998

Trust: 0.8

db: CNNVD, id: CNNVD-201806-1260

Trust: 0.6

sources: JVNDB: JVNDB-2018-006998 // NVD: CVE-2018-1000538 // CNNVD: CNNVD-201806-1260

REFERENCES

url: https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bl220

Trust: 1.6

url: https://github.com/minio/minio/pull/5957

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1000538

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-1000538

Trust: 0.8

sources: JVNDB: JVNDB-2018-006998 // NVD: CVE-2018-1000538 // CNNVD: CNNVD-201806-1260

SOURCES

db: JVNDB, id: JVNDB-2018-006998
db: NVD, id: CVE-2018-1000538
db: CNNVD, id: CNNVD-201806-1260

LAST UPDATE DATE

2023-12-18T12:36:44.963000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2018-006998, date: 2018-09-05T00:00:00
db: NVD, id: CVE-2018-1000538, date: 2018-08-23T16:38:01.727
db: CNNVD, id: CNNVD-201806-1260, date: 2018-06-28T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2018-006998, date: 2018-09-05T00:00:00
db: NVD, id: CVE-2018-1000538, date: 2018-06-26T16:29:02.133
db: CNNVD, id: CNNVD-201806-1260, date: 2018-06-26T00:00:00