CVE-2016-8626

CWE-476 — NULL Pointer Dereference CWE-20 — Improper Input Validation9 documents8 sources

Severity

6.5MEDIUM

EPSS

2.9%

top 13.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ceph RED HAT Ceph Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedJul 31

Latest updateMay 13

Description

A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDredhat/ceph< 0.94.3.9-8

▶Debianceph< 10.2.5-1+3

▶CVEListV5red_hat/ceph0.94.9-8

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Patches

Patch: tracker.ceph.com ↗Patch: tracker.ceph.com ↗

🔴Vulnerability Details

GHSA

GHSA-784r-h477-mqpc: A flaw was found in Red Hat Ceph before 0↗2022-05-13

▶

CVEList

CVE-2016-8626: A flaw was found in Red Hat Ceph before 0↗2018-07-31

▶

OSV

CVE-2016-8626: A flaw was found in Red Hat Ceph before 0↗2018-07-31

▶

OSV

ceph vulnerabilities↗2017-10-11

▶

📋Vendor Advisories

Ubuntu

Ceph vulnerabilities↗2017-10-11

▶

Red Hat

Ceph: RGW Denial of Service by sending null or specially crafted POST object requests↗2016-10-20

▶

Debian

CVE-2016-8626: ceph - A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway ha...↗2016

▶

💬Community

Bugzilla

CVE-2016-8626 Ceph: RGW Denial of Service by sending null or specially crafted POST object requests↗2016-10-27

▶