CVE-2020-12059

HIGH

Linuxfoundation Ceph < 13.2.9 - NULL Pointer Dereference

Title source: rule

Description

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

References (5)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1170170

[Release Notes, Vendor Advisory] https://docs.ceph.com/docs/master/releases/mimic/

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

[Issue Tracking, Vendor Advisory] https://tracker.ceph.com/issues/44967

[Third Party Advisory] https://usn.ubuntu.com/4528-1/

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (3)

linuxfoundation/ceph < 13.2.9

canonical/ubuntu_linux

Timeline

Published Apr 22, 2020

Tracked Since Feb 18, 2026