CVE-2022-3854

CWE-1778 documents8 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 76.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Ceph Storage
Timeline
PublishedMar 6
Latest updateMay 9

Description

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianceph< 16.2.10+ds-5+2
CVEListV5cephAs shipped with Red Hat Ceph 3, 4, and 5.
NVDredhat/ceph_storage3.0, 4.0, 5.0+2

🔴Vulnerability Details

3
GHSA
GHSA-rm99-52xq-2r9w: A flaw was found in Ceph, relating to the URL processing on RGW backends2023-03-07
OSV
CVE-2022-3854: A flaw was found in Ceph, relating to the URL processing on RGW backends2023-03-06
CVEList
CVE-2022-3854: A flaw was found in Ceph, relating to the URL processing on RGW backends2023-03-06

📋Vendor Advisories

4
Ubuntu
Ceph vulnerabilities2023-05-09
Microsoft
A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service.2023-03-14
Red Hat
ceph: possible DoS issue in ceph URL processing on RGW backends2022-11-03
Debian
CVE-2022-3854: ceph - A flaw was found in Ceph, relating to the URL processing on RGW backends. An att...2022
CVE-2022-3854 (MEDIUM CVSS 6.5) | A flaw was found in Ceph | cvebase.io