CVE-2021-3531
PUBLISHED
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Processing a GET request for a Swift URL that ends with two slashes can cause the RGW to crash, resulting in a denial of service. The greatest threat from this flaw is to system availability.
Risk Scores
EPSS Score: 0.26% (49.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ceph | 12.2.0-0ubuntu1, 12.2.1-0ubuntu1, 12.2.2-0ubuntu1 |
| Ubuntu:20.04:LTS | ceph | 0, 14.2.2-0ubuntu3, 14.2.2-0ubuntu4 |
Exploit Intelligence
- [oss-security] 20210514 CVE-2021-3531: Ceph: RGW unauthenticated denial of service (circl)
- [oss-security] 20210517 Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=1955326 (circl)
- FEDORA-2021-ec414c5e18 (circl)
- FEDORA-2021-6e540b85b9 (circl)
- FEDORA-2021-1bf13db941 (circl)
- [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update (circl)
Timeline
- May 18, 2021 CVE Published
- May 19, 2021 EPSS Score
- May 23, 2021 EPSS Score
- Sep 21, 2021 EPSS Score
- Nov 22, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 25, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 25, 2022 EPSS Score
- Sep 26, 2022 EPSS Score
- Nov 27, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3531 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/05/14/5 third-party-advisory
- https://ubuntu.com/security/notices/USN-4998-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5128-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3531 third-party-advisory