When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache mesos |
||
apache mesos 1.4.0 |
||
apache mesos 1.6.0 |