Skip to main content

Ceph CVE-2018-7262

HIGH
NULL Pointer Dereference (CWE-476)
2018-03-19 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 19, 2018 - 21:29 nvd
HIGH 7.5

DescriptionNVD

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

AnalysisAI

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Affected products include: Redhat Ceph, Fedoraproject Fedora. Version information: before 12.2.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Ceph

View all
CVE-2016-7031 HIGH POC
7.5 Oct 03

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list

CVE-2022-0670 CRITICAL
9.1 Jul 25

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manil

CVE-2020-25660 HIGH
8.8 Nov 23

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not ve

CVE-2018-10861 HIGH
8.1 Jul 10

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-10736 HIGH
8.0 Jun 22

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr d

CVE-2020-12059 HIGH
7.5 Apr 22

An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab

CVE-2020-1699 HIGH
7.5 Apr 21

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph

CVE-2019-10222 HIGH
7.5 Nov 08

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity

CVE-2018-1128 HIGH
7.5 Jul 10

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attac

CVE-2021-20288 HIGH
7.2 Apr 15

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability

CVE-2020-27781 HIGH
7.1 Dec 18

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential pr

CVE-2020-1759 MEDIUM
6.8 Apr 13

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vul

Share

CVE-2018-7262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy