Medium severity6.5NVD Advisory· Published Dec 20, 2017· Updated Jun 17, 2026
CVE-2017-16818
CVE-2017-16818
Description
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
- Range: 12.1.0 - 12.2.1
- osv-coords4 versionspkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 12.2.5+git.1524775272.5e7ea8cf03-2.7.1+ 3 more
- (no CPE)range: < 12.2.5+git.1524775272.5e7ea8cf03-2.7.1
- (no CPE)range: < 12.2.5+git.1524775272.5e7ea8cf03-2.7.1
- (no CPE)range: < 12.2.5+git.1524775272.5e7ea8cf03-2.7.1
- (no CPE)range: < 12.2.5+git.1524775272.5e7ea8cf03-2.7.1
Patches
Vulnerability mechanics
References
3- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745anvdPatchThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6VJA32U7HKGDRJQDJVM7JBYWD4T7BJL/nvd
News mentions
0No linked articles in our index yet.