Описание
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 20.2.0-0ubuntu2 |
| esm-infra-legacy/trusty | released | 0.80.11-0ubuntu1.14.04.4+esm4 |
| esm-infra/bionic | released | 12.2.13-0ubuntu0.18.04.11+esm2 |
| esm-infra/focal | released | 15.2.17-0ubuntu0.20.04.6+esm1 |
| esm-infra/xenial | released | 10.2.11-0ubuntu0.16.04.3+esm3 |
| jammy | released | 17.2.9-0ubuntu0.22.04.2 |
| noble | released | 19.2.3-0ubuntu0.24.04.3 |
| plucky | ignored | end of life, was needed |
| questing | released | 19.2.3-0ubuntu1.25.10.3 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Ceph is a distributed object, block, and file storage platform. In ver ...
EPSS
7.5 High
CVSS3