Improper Handling of URL Encoding (Hex Encoding)

CVE-2022-3854

Medium

6.5/10

Summary

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

The software does not properly handle when all or part of an input has been URL encoded.

References

Advisory Timeline

Published Mar 06, 2023

Improper Handling of URL Encoding (Hex Encoding)

CVE-2022-3854

Summary

CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS