CVE-2018-1330

Summary

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Mesos1.4.0 to 1.5.0affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References