CVE-2022-3854

2023-03-0623:15:11

Debian Security Bug Tracker

security-tracker.debian.org

flaw

ceph

url processing

denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

29.1%

JSON

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12allceph< 16.2.10+ds-5ceph_16.2.10+ds-5_all.deb
Debian11allceph< 14.2.21-1ceph_14.2.21-1_all.deb
Debian999allceph< 16.2.10+ds-5ceph_16.2.10+ds-5_all.deb
Debian13allceph< 16.2.10+ds-5ceph_16.2.10+ds-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ceph	< 16.2.10+ds-5	ceph_16.2.10+ds-5_all.deb
Debian	11	all	ceph	< 14.2.21-1	ceph_14.2.21-1_all.deb
Debian	999	all	ceph	< 16.2.10+ds-5	ceph_16.2.10+ds-5_all.deb
Debian	13	all	ceph	< 16.2.10+ds-5	ceph_16.2.10+ds-5_all.deb