CVE-2021-3531

CWE-20Improper Input ValidationCWE-617Reachable Assertion8 documents7 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 50.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat CephFedoraproject FedoraRedhat Ceph Storage
Timeline
PublishedMay 18
Latest updateMay 24

Description

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

NVDredhat/ceph< 14.2.21
Debianceph< 14.2.21-1+3
CVEListV5cephceph 14.2.21

Also affects: Fedora 32, 33, 34

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-wc6g-g56r-jp2f: A flaw was found in the Red Hat Ceph Storage RGW in versions before 142022-05-24
OSV
CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 142021-05-18
CVEList
CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 142021-05-18

📋Vendor Advisories

4
Ubuntu
Ceph vulnerabilities2021-11-01
Ubuntu
Ceph vulnerabilities2021-06-25
Red Hat
ceph: RGW unauthenticated denial of service2021-05-13
Debian
CVE-2021-3531: ceph - A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Whe...2021
CVE-2021-3531 (MEDIUM CVSS 5.3) | A flaw was found in the Red Hat Cep | cvebase.io