CVE 2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
Related bugs and status
CVE-2021-3531 (Candidate) is related to these bugs:
Bug #1892448: ceph 15.2.3-0ubuntu0.20.04.2 collides with ceph-deploy 2.0.1-0ubuntu1
Bug #1914584: [SRU] radosgw-admin user create error message confusing if user with email already exists
Bug #1928645: [SRU] ceph 16.2.4
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu) | High | Fix Released | ||
1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu Impish) | High | Fix Released | ||
1928645 | [SRU] ceph 16.2.4 | ceph (Ubuntu Hirsute) | High | Fix Released | ||
1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive | High | Fix Released | ||
1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive wallaby | High | Fix Released | ||
1928645 | [SRU] ceph 16.2.4 | Ubuntu Cloud Archive xena | High | Fix Released |
Bug #1929179: [SRU] ceph 15.2.12
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu) | Undecided | Invalid | ||
1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu Groovy) | High | Fix Released | ||
1929179 | [SRU] ceph 15.2.12 | ceph (Ubuntu Focal) | High | Fix Released | ||
1929179 | [SRU] ceph 15.2.12 | Ubuntu Cloud Archive | Undecided | Invalid | ||
1929179 | [SRU] ceph 15.2.12 | Ubuntu Cloud Archive ussuri | High | Fix Released |
See the
CVE page on Mitre.org
for more details.