A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Link | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/14/5 | mailing list third party advisory patch |
| http://www.openwall.com/lists/oss-security/2021/05/17/7 | mailing list third party advisory patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=1955326 | issue tracking patch vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/ | vendor advisory |
| https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | mailing list |