PT-2021-5463 · Red Hat+5 · Red Hat Ceph Storage+5

Sage Mctaggart · Published 2020-09-20 · Updated 2023-10-23 · CVE-2021-3531

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Red Hat Ceph Storage RGW versions prior to 14.2.21

Description

The issue is related to incorrect handling of a URL that ends with two slashes, which can cause the system to crash, resulting in a denial of service. This can be exploited by a remote attacker, posing the greatest threat to system availability.

Recommendations

For versions prior to 14.2.21, update to version 14.2.21 or later to resolve the issue. As a temporary workaround, consider restricting access to Swift URLs that end with two slashes to minimize the risk of exploitation.

Fix

DoS

Assertion Failure

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2020-2845
ALT-PU-2021-1819
ALT-PU-2021-1830
ALT-PU-2021-2332
BDU:2021-06309
CVE-2021-3531
DLA-3629-1
OPENSUSE-SU-2021:0833-1
OPENSUSE-SU-2021:1834-1
OPENSUSE-SU-2021_0833-1
OPENSUSE-SU-2021_1834-1
OPENSUSE-SU-2024:10676-1
RHSA-2022:1174
SUSE-SU-2021:1834-1
SUSE-SU-2021:1835-1
USN-4998-1
USN-5128-1

Affected Products

Alt Linux
Astra Linux
Linux Mint
Red Hat Ceph Storage
SUSE
Ubuntu