Date: Wed, 28 Aug 2019 15:27:48 +0000
From: Alexandros Toptsoglou <>
To: "" <>
Subject: CVE-2019-10222: ceph: unauthenticated clients can crash RGW

Hi all,

An improper exception handling issue was found in the RGW component of Ceph.
Please find the details below.

CVE-2019-10222: ceph: unauthenticated clients can crash RGW

Affected versions:
Nautilus (version 14.2.X)
Mimic (version 13.2.X)
Luminous (version 12.2.X) only if an experimental feature is enabled in
  enable experimental unrecoverable data corrupting features =

Improper handling of an exceptional condition in Ceph allows any single
client to crash the RGW component of Ceph by sending a specially crafted
HTTP request, which leads to denial of service.
The vulnerability affects the RGW component of Ceph, specifically the

Apply the fix of pull request in

- 2019-08-07: Issue discovered.
- 2019-08-08: Issue reported to
- 2019-08-16: Coordinated release date set on 28th
- 2019-08-28: Disclosure


This vulnerability was discovered by Abhishek Lekshmanan of SUSE
Software Solutions Germany GmbH.

Alexandros Toptsoglou <>
Security Engineer
OpenPGP fingerprint: C270 3848 AA4A 783A 9848  BB06 56A3 3D9C B652 1869

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg
(HRB 247165, AG München)
Managing Director: Felix Imendörffer
