CVE-2023-46738
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-46738 is a vulnerability affecting the CubeFS HandlerNode in versions prior to 3.3.1. This issue allows authenticated users to send maliciously-crafted requests that cause the ObjectNode to crash, denying access to other users. The root cause is the improper handling of incoming HTTP requests, which can allow an attacker to control the amount of memory allocated to the ObjectNode. Malicious requests can lead to memory exhaustion, rendering the ObjectNode unusable. To exploit this vulnerability, an attacker must be authenticated and have permissions to delete objects, as well as knowledge of existing bucket names in the CubeFS deployment. This vulnerability primarily threatens inside users or attackers who have breached the accounts of existing users in the cluster. The issue has been resolved in version 3.3.1, and there is no alternative mitigation besides upgrading.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linuxfoundation Cubefs
Affected Vendors
- Linux Foundation