6.5

CVE-2021-3979

EPSS 0.23%
Veröffentlicht 25.08.2022 20:15:09
Zuletzt bearbeitet 03.11.2025 19:15:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Ceph Storage Version3.0

Redhat ≫ Ceph Storage Version4.3

Redhat ≫ Ceph Storage Version5.1

Redhat ≫ Openshift Container Storage Version4.0

Redhat ≫ Openshift Data Foundation Version4.0

Redhat ≫ Openstack Platform Version13.0

Redhat ≫ Ceph Storage For Ibm Z Systems Version4.0

Redhat ≫ Ceph Storage Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Ceph Storage Version5.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Ceph Storage For Power Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Ceph Storage Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Ceph Storage Version5.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Ceph Storage For Power Version4.0

Redhat ≫ Enterprise Linux Version7.0

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.456

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

https://access.redhat.com/security/cve/CVE-2021-3979

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2024788

Vendor Advisory

Issue Tracking

https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656

Patch

Third Party Advisory

https://github.com/ceph/ceph/pull/44765

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/

Mailing List

https://tracker.ceph.com/issues/54006

Vendor Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html

https://nvd.nist.gov/vuln/detail/CVE-2021-3979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3979

EUVD