Lucene search
PRIOn knowledge basePRION:CVE-2021-3979HistoryAug 25, 2022 - 8:15 p.m.
Design/Logic Flaw
2022-08-2520:15:00
PRIOn knowledge base
www.prio-n.com
5
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 35 | |
| fedora | eq | 37 | |
| ceph_storage | eq | 3.0 | |
| ceph_storage | eq | 4.3 | |
| ceph_storage | eq | 5.1 | |
| ceph_storage | eq | 4.0 | |
| ceph_storage | eq | 5.0 | |
| ceph_storage | eq | 4.0 | |
| ceph_storage | eq | 5.0 | |
| ceph_storage_for_ibm_z_systems | eq | 4.0 |
References
access.redhat.com/security/cve/CVE-2021-3979
bugzilla.redhat.com/show_bug.cgi?id=2024788
github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656
github.com/ceph/ceph/pull/44765
lists.debian.org/debian-lts-announce/2023/10/msg00034.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/
tracker.ceph.com/issues/54006
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0138)
2022-04-14 00:00:00
openSUSE: Security Advisory for ceph (SUSE-SU-2022:2818-1)
2022-08-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4501-1)
2022-12-16 00:00:00
suse
suse
Security update for ceph (important)
2022-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2021-3979
2022-08-25 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : ceph (EulerOS-SA-2023-1308)
2023-02-08 00:00:00
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2022:4501-1)
2022-12-17 00:00:00
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2022:2818-1)
2022-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: ceph-17.2.5-1.fc37
2022-11-10 22:50:11
redhatcve
redhatcve
CVE-2021-3979
2022-01-12 23:22:09
nvd
nvd
CVE-2021-3979
2022-08-25 20:15:09
cve
cve
CVE-2021-3979
2022-08-25 20:15:09
veracode
veracode
Access Control Bypass
2022-04-23 00:42:48
osv
osv
CVE-2021-3979
2022-08-25 20:15:09
ceph vulnerabilities
2023-05-09 21:51:19
ceph - security update
2023-10-23 00:00:00
debiancve
debiancve
CVE-2021-3979
2022-08-25 20:15:09
cvelist
cvelist
CVE-2021-3979
2022-08-25 00:00:00
mageia
mageia
Updated ceph packages fix security vulnerability
2022-04-13 19:06:19
redhat
redhat
ubuntu
ubuntu
Ceph vulnerabilities
2023-05-09 00:00:00
debian
debian
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 16:59:44