摘要:
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
安全等级: Low
公告ID: KylinSec-SA-2022-1233
发布日期: 2022年3月11日
关联CVE: CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2020-1700 | KY3.4-4A | ceph | Unaffected |
| CVE-2020-1700 | KY3.4-5A | ceph | Unaffected |
