An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ceph | Linuxfoundation | * | 13.2.9 (including) |
| Red Hat Ceph Storage 3 - ELS | RedHat | ceph-2:12.2.12-139.el7cp | * |
| Red Hat Ceph Storage 3 - ELS | RedHat | ceph-ansible-0:3.2.56-1.el7cp | * |
| Red Hat Ceph Storage 3 - ELS | RedHat | cephmetrics-0:2.0.10-1.el7cp | * |
| Red Hat Ceph Storage 3 - ELS | RedHat | grafana-0:5.2.4-3.el7cp | * |
| Red Hat Ceph Storage 3 - ELS | RedHat | tcmu-runner-0:1.4.0-3.el7cp | * |
| Ceph | Ubuntu | bionic | * |
| Ceph | Ubuntu | esm-infra/bionic | * |
| Ceph | Ubuntu | trusty | * |
| Ceph | Ubuntu | upstream | * |
Potential Mitigations
References
- https://bugzilla.suse.com/show_bug.cgi?id=1170170
- https://docs.ceph.com/docs/master/releases/mimic/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://tracker.ceph.com/issues/44967
- https://usn.ubuntu.com/4528-1/
- https://bugzilla.suse.com/show_bug.cgi?id=1170170
- https://docs.ceph.com/docs/master/releases/mimic/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://tracker.ceph.com/issues/44967
- https://usn.ubuntu.com/4528-1/