Severity
7.5 HIGH
EPSS
0.3%
top 48.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 22
Latest update: May 24

Description

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 3 packages

Debian | ceph | < 14.2.4-1 +3
Ubuntu | ceph | < 10.2.11-0ubuntu0.16.04.3 +1

Also affects: Ubuntu Linux 16.04, 18.04

Patches

🔴Vulnerability Details

4
GHSA
GHSA-896g-qc8p-7wrp: An issue was discovered in Ceph through 13 | 2022-05-24
OSV
ceph vulnerabilities | 2020-09-22
CVEList
CVE-2020-12059: An issue was discovered in Ceph through 13 | 2020-04-22
OSV
CVE-2020-12059: An issue was discovered in Ceph through 13 | 2020-04-22

📋Vendor Advisories

3
Ubuntu
Ceph vulnerabilities | 2020-09-22
Red Hat
ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW | 2020-04-07
Debian
CVE-2020-12059: ceph - An issue was discovered in Ceph through 13.2.9. A POST request with an invalid t... | 2020

💬Community

1
Bugzilla
CVE-2020-12059 ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW | 2020-04-23
CVE-2020-12059 (HIGH CVSS 7.5) | An issue was discovered in Ceph thr | cvebase.io