6.5

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCeph Storage Version3.0
RedhatCeph Storage Version4.3
RedhatCeph Storage Version5.1
RedhatOpenstack Platform Version13.0
RedhatCeph Storage Version4.0
   RedhatEnterprise Linux Version8.0
RedhatCeph Storage Version5.0
   RedhatEnterprise Linux Version8.0
RedhatCeph Storage For Power Version4.0
   RedhatEnterprise Linux Version8.0
RedhatCeph Storage Version4.0
   RedhatEnterprise Linux Version7.0
RedhatCeph Storage Version5.0
   RedhatEnterprise Linux Version7.0
RedhatCeph Storage For Power Version4.0
   RedhatEnterprise Linux Version7.0
FedoraprojectFedora Version35
FedoraprojectFedora Version37
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
https://access.redhat.com/security/cve/CVE-2021-3979
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024788
Vendor Advisory
Issue Tracking
https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656
Patch
Third Party Advisory
https://github.com/ceph/ceph/pull/44765
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/
Mailing List
https://tracker.ceph.com/issues/54006
Vendor Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html