CVE-2016-5009
published 2016-07-12CVE-2016-5009: The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ceph | < ceph 10.2.5-1 (bookworm) | ceph 10.2.5-1 (bookworm) |
| redhat | ceph | <= 0.94.6 | — |
| redhat | ceph | >= 0 < 10.2.5-1 | 10.2.5-1 |
| redhat | ceph | >= 0 < 10.2.5-1 | 10.2.5-1 |
| redhat | ceph | >= 0 < 10.2.5-1 | 10.2.5-1 |
| redhat | ceph | >= 0 < 10.2.5-1 | 10.2.5-1 |
| redhat | ceph | >= 0 < 0.80.11-0ubuntu1.14.04.3 | 0.80.11-0ubuntu1.14.04.3 |
| redhat | ceph_storage_mon | — | — |
| redhat | ceph_storage_osd | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_for_scientific_computing | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM