Unrated severityNVD Advisory· Published Apr 22, 2020· Updated Aug 4, 2024

CVE-2020-12059

Description

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

Affected products

Ceph/Cephdescription
osv-coords14 versions
pkg:bitnami/ceph pkg:rpm/suse/ceph&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/ceph&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ceph&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
<= 13.2.9+ 13 more
- (no CPE)range: <= 13.2.9
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1
- (no CPE)range: < 12.2.12+git.1587570958.35d78d0243-2.45.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

usn.ubuntu.com/4528-1/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlmitremailing-list
bugzilla.suse.com/show_bug.cgimitre
docs.ceph.com/docs/master/releases/mimic/mitre
tracker.ceph.com/issues/44967mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000