CVE-2019-3821

NameCVE-2019-3821
DescriptionA flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)bullseye14.2.21-1fixed
bullseye (security)14.2.21-1+deb11u1fixed
bookworm, bookworm (security)16.2.15+ds-0+deb12u1fixed
forky, sid, trixie18.2.7+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsource(unstable)(not affected)

Notes

- ceph <not-affected> (Vulnerable code introduced later)
https://bugzilla.redhat.com/show_bug.cgi?id=1656852
https://github.com/ceph/civetweb/pull/33
Search for package or bug name: Reporting problems