CVE-2020-12059

Опубликовано: 22 апр. 2020

Источник: debian

Описание

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ceph	fixed	14.2.4-1		package
ceph	not-affected		stretch	package
ceph	not-affected		jessie	package

Примечания

https://tracker.ceph.com/issues/44967
Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1)
Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10)
Consider 14.x series as fixed due to the use of the new style xml parsing.

Связанные уязвимости

CVE-2020-12059

CVSS3: 7.5

ubuntu

почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

CVE-2020-12059

CVSS3: 6.5

redhat

почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

CVE-2020-12059

CVSS3: 7.5

nvd

почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

SUSE-SU-2020:1158-1

suse-cvrf

почти 6 лет назад

Security update for ceph

GHSA-896g-qc8p-7wrp

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.