CVE-2020-1700
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Se encontró un fallo en la manera en que el front-end Ceph RGW Beast maneja desconexiones inesperadas. Un atacante autenticado puede abusar de este fallo al realizar múltiples intentos de desconexión resultando en una fuga permanente de una conexión de socket mediante radosgw. Este fallo podría conllevar a una condición de denegación de servicio mediante la acumulación de sockets CLOSE_WAIT, conduciendo eventualmente al agotamiento de los recursos disponibles, impidiendo a usuarios legítimos conectarse al sistema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-02-07 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html | 2023-11-07 | |
https://usn.ubuntu.com/4304-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ceph Search vendor "Ceph" | Ceph Search vendor "Ceph" for product "Ceph" | - | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Storage Search vendor "Redhat" for product "Openshift Container Storage" | 4.2 Search vendor "Redhat" for product "Openshift Container Storage" and version "4.2" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
|