retired/CVE-2023-44466


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: libceph: harden msgr2.1 frame segment length checks
References:
 https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph
 https://www.spinics.net/lists/ceph-devel/msg57909.html
Notes:
 carnil> Commit fixes cd1a677cad99 ("libceph, ceph: implement msgr2.1
 carnil> protocol (crc and secure modes)") in 5.11-rc1.
Bugs:
upstream: released (6.5-rc2) [a282a2f10539dce2aa619e71e1817570d557fc97]
6.1-upstream-stable: released (6.1.40) [183c0ae4fafcdcb95c06f40c0c35a39d89c1aa2d]
5.10-upstream-stable: N/A "Vulnerable code not present"
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.4.11-1)
6.1-bookworm-security: released (6.1.52-1)
5.10-bullseye-security: N/A "Vulnerable code not present"
4.19-buster-security: N/A "Vulnerable code not present"