{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "1.4.0" }, { "fixed": "1.4.3" }, { "introduced": "1.5.0" }, { "fixed": "1.5.2" }, { "introduced": "1.6.0" }, { "fixed": "1.6.2" }, { "introduced": "1.7.0" }, { "fixed": "1.7.1" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc1" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc2" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc3" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc4" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc5" }, { "introduced": "0" }, { "last_affected": "1.8.0-dev" } ] }, "events": [ { "introduced": "b3fd2e7ab26e118222fe18af4b92c53a3c01e6cc" }, { "fixed": "1fee9b5365bf2424e4768dc1d5209c6c78dfece6" }, { "introduced": "f7e3872b0359c6095f8eeaefe408cb7dcef5bb83" }, { "fixed": "3088295d4156eb58d092ad9b3529b85fd33bd36e" }, { "introduced": "c7df5eadc075adcf525ea091f65786aaffb9b072" }, { "fixed": "a40aab9d0642b883c52504b1672878dc38438f36" }, { "introduced": "8419b870c571ac11825c883fa20ea3b7d4348d34" }, { "fixed": "d5678c3c5500cec72e22e775d9d048c55c128954" }, { "introduced": "0" }, { "last_affected": "b9187d54a97206b4a09fb5cb1d0834ab5fa5abd3" }, { "introduced": "0" }, { "last_affected": "f84a4c29c77b9c034f19fb965aaaebb26e23ca84" }, { "introduced": "0" }, { "last_affected": "2a785ce10c14dd9c78c4362abd66c00672fc0bcb" }, { "introduced": "0" }, { "last_affected": "832fdb49390318ab31ee37606c704db793b64c65" }, { "introduced": "0" }, { "last_affected": "b3fd2e7ab26e118222fe18af4b92c53a3c01e6cc" }, { "introduced": "0" }, { "last_affected": "acefa90695a32f8e8d6361f8192a6522aeaadbb9" } ], "repo": "https://github.com/apache/mesos", "type": "GIT" } ] } ], "details": "When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.", "id": "CVE-2018-11793", "modified": "2026-03-13T21:54:44.921599127Z", "published": "2019-03-05T21:29:00.243Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844%40%3Cdev.mesos.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/107281" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }