Vulnerability in Ceph

CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

EPSS: 0.003 (54.3th percentile) — read the EPSS interpretation.

Affected products

N/a Ceph — versions As shipped with Red Hat Ceph 3, 4, and 5.

Weakness classification (CWE)

CWE-177

References

bugzilla.redhat.com/show_bug.cgi