CVE-2022-3854
First published: Thu Nov 03 2022(Updated: )
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/ceph | <17.2.5-0ubuntu0.22.04.3 | 17.2.5-0ubuntu0.22.04.3 |
| ubuntu/ceph | <17.2.5-0ubuntu0.22.10.3 | 17.2.5-0ubuntu0.22.10.3 |
| Redhat Ceph Storage | =3.0 | |
| Redhat Ceph Storage | =4.0 | |
| Redhat Ceph Storage | =5.0 | |
| debian/ceph | 12.2.11+dfsg1-2.1 12.2.11+dfsg1-2.1+deb10u1 14.2.21-1 16.2.11+ds-2 16.2.11+ds-5 18.2.1+ds-9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2139925
- https://launchpad.net/bugs/cve/CVE-2022-3854
- https://bugzilla.suse.com/show_bug.cgi?id=1205025
- https://tracker.ceph.com/issues/55765
- https://github.com/ceph/ceph/pull/47025
- https://github.com/ceph/ceph/commit/99f7c4aa1286edfea6961b92bb44bb8fe22bd599
- https://security-tracker.debian.org/tracker/CVE-2022-3854
- https://ubuntu.com/security/notices/USN-6063-1
- https://www.cve.org/CVERecord?id=CVE-2022-3854
- https://nvd.nist.gov/vuln/detail/CVE-2022-3854
- https://ubuntu.com/security/CVE-2022-3854
Frequently Asked Questions
What is CVE-2022-3854?
CVE-2022-3854 is a vulnerability found in Ceph relating to the URL processing on RGW backends, which can be exploited by an attacker to crash the RGW and cause a denial of service.
How does CVE-2022-3854 affect Ceph?
CVE-2022-3854 affects Ceph by allowing an attacker to exploit the URL processing on RGW backends, leading to a denial of service.
What is the severity of CVE-2022-3854?
The severity of CVE-2022-3854 is medium, with a severity value of 6.5.
How can I fix CVE-2022-3854 in Ubuntu?
To fix CVE-2022-3854 in Ubuntu, update to version 17.2.5-0ubuntu0.22.04.3 for Ubuntu 22.04 or version 17.2.5-0ubuntu0.22.10.3 for Ubuntu 22.10.
How can I fix CVE-2022-3854 in Debian?
To fix CVE-2022-3854 in Debian, update to version 12.2.11+dfsg1-2.1, 12.2.11+dfsg1-2.1+deb10u1, 14.2.21-1, 16.2.11+ds-2, or 16.2.11+ds-5 of the ceph package.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3854
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/ubuntu
- vendor/redhat
- canonical/redhat ceph storage
- version/redhat ceph storage/3.0
- version/redhat ceph storage/4.0
- version/redhat ceph storage/5.0
- package-manager/debian