Bug 1546610 (CVE-2018-7262) - CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service
Summary: CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_ci...
Alias: CVE-2018-7262
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1546611 1546613 1547673 1548926 1548927 1548928
Blocks: 1546612 1550199
TreeView+ depends on / blocked
Reported: 2018-02-19 02:57 UTC by Sam Fowler
Modified: 2019-09-29 14:32 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests.
Clone Of:
Last Closed: 2018-05-23 09:35:44 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0546 0 None None None 2018-03-15 18:29:28 UTC
Red Hat Product Errata RHSA-2018:0548 0 None None None 2018-03-15 18:31:04 UTC

Description Sam Fowler 2018-02-19 02:57:00 UTC
In ceph, HTTP request headers without a ":" character that are handled in rgw_civetweb.cc:RGW::init_env() can cause variables to be set to NULL, leading to a crash or other potentially unspecified behaviour.

Upstream Pull Request:


Comment 1 Sam Fowler 2018-02-19 02:57:35 UTC
Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1546611]

Comment 7 Siddharth Sharma 2018-02-26 03:58:32 UTC
Upstream Pull Request:


Comment 12 errata-xmlrpc 2018-03-15 18:29:20 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 3.0 for Ubuntu 16.04

Via RHSA-2018:0546 https://access.redhat.com/errata/RHSA-2018:0546

Comment 13 errata-xmlrpc 2018-03-15 18:30:55 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7

Via RHSA-2018:0548 https://access.redhat.com/errata/RHSA-2018:0548

Comment 16 Boris Ranto 2018-05-22 22:39:07 UTC
This was fixed upstream in 12.2.4, the latest rebase fixed it downstream, too.

Comment 17 Boris Ranto 2018-05-22 22:42:40 UTC
I am sorry, I had too many tabs opened and I have accidentally closed the wrong bug.

Note You need to log in before you can comment on or make changes to this bug.