PT-2019-4930 · Red Hat+3 · Ceph+3

Pedro Sampaio

·

Published

2019-01-07

·

Updated

2022-04-19

·

CVE-2018-16846

CVSS v2.0

6.8

Medium

VectorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Ceph versions prior to 13.2.4
Description The issue exists due to insufficient input validation in the Ceph storage system. Exploitation of this issue can allow a remote attacker to cause a denial of service. Authenticated Ceph RGW users can cause this denial of service against OMAPs holding bucket indices.
Recommendations For versions prior to 13.2.4, update to version 13.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to authenticated Ceph RGW users to minimize the risk of exploitation.

Fix

DoS

RCE

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-770

Related Identifiers

ALT-PU-2019-1312
BDU:2020-01538
CVE-2018-16846
DLA-1696-1
DLA-2735-1
OPENSUSE-SU-2019:1284-1
OPENSUSE-SU-2019_0306-1
OPENSUSE-SU-2019_1284-1
RHSA-2019:2538
SUSE-SU-2019:0499-1
SUSE-SU-2019:0586-1
USN-4035-1

Affected Products

Alt Linux
Ceph
Suse
Ubuntu