CVE-2021-3979

Sažetak

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

Reference

https://access.redhat.com/security/cve/CVE-2021-3979
https://tracker.ceph.com/issues/54006
https://github.com/ceph/ceph/pull/44765
https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656
https://bugzilla.redhat.com/show_bug.cgi?id=2024788
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

CVSS

Base:	6.5
Impact:	2.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

23-10-2023 - 19:15

Objavljeno

25-08-2022 - 20:15