CVE-2021-3979
published 2022-08-25
Medium 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ceph | < ceph 16.2.9+ds-1 (bookworm) | ceph 16.2.9+ds-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | >= 0 < 14.2.21-1+deb11u1 | 14.2.21-1+deb11u1 |
| redhat | ceph_storage | >= 0 < 16.2.9+ds-1 | 16.2.9+ds-1 |
| redhat | ceph_storage | >= 0 < 16.2.9+ds-1 | 16.2.9+ds-1 |
| redhat | ceph_storage | >= 0 < 16.2.9+ds-1 | 16.2.9+ds-1 |
| redhat | ceph_storage | >= 0 < 12.2.13-0ubuntu0.18.04.11 | 12.2.13-0ubuntu0.18.04.11 |
| redhat | ceph_storage | >= 0 < 15.2.17-0ubuntu0.20.04.3 | 15.2.17-0ubuntu0.20.04.3 |
| redhat | ceph_storage | >= 0 < 17.2.5-0ubuntu0.22.04.3 | 17.2.5-0ubuntu0.22.04.3 |
| redhat | ceph_storage_for_ibm_z_systems | — | — |
| redhat | ceph_storage_for_power | — | — |
| redhat | openshift_container_storage | — | — |
| redhat | openshift_data_foundation | — | — |
| redhat | openstack_platform | — | — |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv: 6.5 MEDIUM