Your submission was sent successfully! Close

CVE-2021-3531

Published: 18 May 2021

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

From the Ubuntu security team

It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
ceph
Launchpad, Ubuntu, Debian
bionic
Released (12.2.13-0ubuntu0.18.04.10)
focal
Released (15.2.12-0ubuntu0.20.04.1)
groovy
Released (15.2.12-0ubuntu0.20.10.1)
hirsute
Released (16.2.6-0ubuntu0.21.04.2)
impish
Released (16.2.4-0ubuntu1)
jammy
Released (16.2.4-0ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (15.2.12)
xenial Needs triage