Null Pointer Dereference Vulnerability in Ceph's RGW Process
CVE-2020-12059

7.5HIGH

Key Information:

Vendor: Linux
Status: Ceph
Vendor: CVE Published:; 22 April 2020

Summary

A vulnerability has been identified in the Ceph RGW process which can be exploited through a POST request containing incorrectly formatted tagging XML. This malformed XML may trigger a NULL pointer exception, resulting in the crash of the RGW process. The issue has been acknowledged in versions up to 13.2.9, emphasizing the need for immediate updates and remedial actions to ensure system stability and security.

References

https://tracker.ceph.com/issues/44967

https://bugzilla.suse.com/show_bug.cgi?id=1170170

https://docs.ceph.com/docs/master/releases/mimic/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2020
Vulnerability Reserved
Apr 22, 2020