Missing Release of Resource after Effective Lifetime

CVE-2019-3821

High

7.5/10

Summary

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-772 - Missing Release Of Resource After Effective Lifetime

'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).

References

Advisory Timeline

Published Mar 27, 2019

Missing Release of Resource after Effective Lifetime

CVE-2019-3821

Summary

CWE-772 - Missing Release Of Resource After Effective Lifetime

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS