CVE-2017-16818

CWE-617 — Reachable Assertion CWE-20 — Improper Input Validation8 documents6 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 30.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ceph Fedoraproject Fedora

Timeline

PublishedDec 20

Latest updateMay 13

Description

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/ceph12.1.0 — 12.2.1

Also affects: Fedora 27

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8cwf-cg6r-crcf: RADOS Gateway in Ceph 12↗2022-05-13

▶

CVEList

CVE-2017-16818: RADOS Gateway in Ceph 12↗2017-12-20

▶

📋Vendor Advisories

Red Hat

ceph: Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc↗2017-10-10

▶

Debian

CVE-2017-16818: ceph - RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to...↗2017

▶

💬Community

Bugzilla

CVE-2017-16818 ceph: Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc↗2017-11-21

▶

Bugzilla

CVE-2017-16818 ceph: Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc [epel-6]↗2017-11-21

▶

Bugzilla

CVE-2017-16818 ceph: Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc [fedora-all]↗2017-11-21

▶