Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-3531

Published: 18/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph storage 4.0

redhat ceph

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Red Hat: Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 51 Security, Enhancement, and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat Ceph Storage 51 is now availableRed Hat Product Security has rated this update ...
Debian CVElist Bug Report Logs: ceph: CVE-2021-3531
Debian Bug report logs - #988890 ceph: CVE-2021-3531 Package: src:ceph; Maintainer for src:ceph is Ceph Packaging Team <team+ceph@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 May 2021 19:12:01 UTC Severity: grave Tags: security, upstream Found in version ceph/14220-2 ...
Arch Linux Issues:
A security issue was found in the Red Hat Ceph Storage RGW before version 15212 When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service ...

Mailing Lists

Full Disclosure: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
Hello, A flaw was found in the Red Hat Ceph Storage RGW When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service We have assigned it a CVE of CVE-2021-3531 and a patch is attached Fixes may be found here: Nautilus: githubcom/ceph/ceph/commit/f44a8ae8aa27e ...
Full Disclosure: Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
To clarify, the correct patch may be found in the following commit githubcom/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e Ana McTaggart Red Hat Product Security Red Hat Remote <wwwredhatcom> secalert () redhat com for urgent response amct () redhat com M: +1 (774)279-0791 <7742790791> IM: am ...

References

CWE-617https://bugzilla.redhat.com/show_bug.cgi?id=1955326http://www.openwall.com/lists/oss-security/2021/05/14/5http://www.openwall.com/lists/oss-security/2021/05/17/7https://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/https://access.redhat.com/errata/RHSA-2022:1174https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-3531
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
log injectionCVE-2024-37079type confusionCVE-2024-32943CVE-2024-30103CVE-2024-37350arbitrary codeCVE-2024-6189CVE-2024-6225
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook