Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-3979

Published: 25/08/2022 Updated: 23/10/2023
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Redhat

Vulnerability Summary

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph storage 3.0

redhat openstack platform 13.0

redhat openshift container storage 4.0

redhat openshift data foundation 4.0

redhat ceph storage for ibm z systems 4.0

redhat ceph storage 4.3

redhat ceph storage 5.1

redhat ceph_storage 4.0

redhat ceph_storage 5.0

redhat ceph_storage_for_power 4.0

fedoraproject fedora 35

fedoraproject fedora 37

Vendor Advisories

Red Hat: Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 51 Security, Enhancement, and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat Ceph Storage 51 is now availableRed Hat Product Security has rated this update ...
Red Hat: Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 43 Security and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New packages for Red Hat Ceph Storage 43 are now available on Red Hat Enterprise Linux 85Red Hat Pr ...
Red Hat: CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks ...

Mailing Lists

Full Disclosure: Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...
Full Disclosure: Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

CWE-287https://access.redhat.com/security/cve/CVE-2021-3979https://tracker.ceph.com/issues/54006https://github.com/ceph/ceph/pull/44765https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656https://bugzilla.redhat.com/show_bug.cgi?id=2024788https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/https://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://access.redhat.com/errata/RHSA-2022:1174https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook