CVE-2018-1000538

Name
CVE-2018-1000538
Description
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://github.com/minio/minio/pull/5957
Patch https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:* minio >= None < 2018-05-16t23-35-33z

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
minio 3.17-community 0.20221029.062133-r5 Drew DeVault <sir@cmpwn.com> possibly vulnerable
minio 3.18-community 0.20230920.224955-r2 Celeste <cielesti@protonmail.com> possibly vulnerable
minio 3.19-community 0.20240131.202033-r3 Celeste <cielesti@protonmail.com> possibly vulnerable
minio 3.20-community 0.20240527.191746-r2 Celeste <cielesti@protonmail.com> possibly vulnerable
minio edge-community 0.20241107.005220-r0 Celeste <cielesti@protonmail.com> possibly vulnerable