CVE-2017-7519Use of Externally-Controlled Format String in Ceph

CWE-134Use of Externally-Controlled Format String7 documents6 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 87.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian CephDebian Linux
Timeline
PublishedJul 27
Latest updateMay 13

Description

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

debiandebian/ceph< ceph 12.2.8+dfsg1-1 (bookworm)

Also affects: Debian Linux 10.0

🔴Vulnerability Details

2
GHSA
GHSA-ghfm-8rwr-p3hr: In Ceph, a format string flaw was found in the way libradosstriper parses input from user2022-05-13
OSV
CVE-2017-7519: In Ceph, a format string flaw was found in the way libradosstriper parses input from user2018-07-27

📋Vendor Advisories

2
Red Hat
ceph: libradosstriper processes arbitrary printf placeholders in user input2017-06-09
Debian
CVE-2017-7519: ceph - In Ceph, a format string flaw was found in the way libradosstriper parses input ...2017

💬Community

2
Bugzilla
CVE-2017-7519 ceph: libradosstriper processes arbitrary printf placeholders in user input [fedora-all]2017-06-09
Bugzilla
CVE-2017-7519 ceph: libradosstriper processes arbitrary printf placeholders in user input2017-06-09