CVE-2018-7262
A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests.
Find out more about CVE-2018-7262 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 7.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 | RHSA-2018:0546 | 2018-03-15 |
| Red Hat Ceph Storage 3 for Ubuntu | RHSA-2018:0548 | 2018-03-15 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | ceph-common | Not affected |
| Red Hat Ceph Storage 2 | ceph | Not affected |
| Red Hat Ceph Storage 1.3 | ceph | Not affected |