CVE-2018-16846

Published: 15/01/2019 Updated: 18/09/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

It was found in Ceph versions prior to 13.2.4 that authenticated Ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

Vendor Advisories

Synopsis: Moderate: Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis: Moderate: Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulne ...
Debian Bug report logs - #921947: CVE-2018-16846. Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@lists.ceph.com>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 10 Feb 2019 13:15:02 UTC; Severity: important; Tags: security, upstream; Found in version ceph/12.2.10+dfsg1-1; Fix ...
Debian Bug report logs - #921948: CVE-2018-14662. Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@lists.ceph.com>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 10 Feb 2019 13:18:02 UTC; Severity: important; Tags: security, upstream; Found in version ceph/12.2.10+dfsg1-1; Fix ...
Debian Bug report logs - #918969: ceph: CVE-2018-16889: debug logging for v4 auth does not sanitize encryption keys. Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@lists.ceph.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 11 Jan 2019 08:06:02 UTC; Severity: impor ...
Several security issues were fixed in Ceph ...
A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated Ceph RGW user can cause a denial of service attack against OMAPs holding bucket indices ...