Note:
This project will be discontinued after December 13, 2021. [more]
2018-03-19
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
Products | Fedora, Ceph |
Type | NULL Pointer Dereference (CWE-476) |
First patch | - None (likely due to unavailable code) |
Links |
• http://tracker.ceph.com/issues/23039
• https://access.redhat.com/errata/RHSA-2018:0548 • https://bugzilla.redhat.com/show_bug.cgi?id=1546611 • https://access.redhat.com/errata/RHSA-2018:0546 • https://github.com/ceph/ceph/pull/20488 |