
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-3531 is a denial-of-service flaw in the Ceph Object Gateway (RGW, also called RadosGW) as shipped in Red Hat Ceph Storage and upstream Ceph, in versions before 14.2.21. It was disclosed in May 2021. When RGW processes a GET request for a Swift URL whose path ends with two slashes, the radosgw process can crash (Openwall OSS, NVD).
The trigger is narrow and cheap to reproduce: a GET request to a Swift-API URL whose path component ends with two consecutive slashes. The double slash sits in the path before the bucket name, and the bucket name does not have to refer to an existing bucket, so no valid bucket or access to one is required. Whether the bucket is public makes no difference, and appending query parameters to the URL does not prevent the crash, so matching on the path alone (ignoring the query string) is the right way to recognise such requests (Red Hat Bugzilla).
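The trigger conditions above translate directly into a log check. The following is an added example, not code from the advisory or from the Ceph project: it scans access-log lines (constructed here in common/combined log format, as a reverse proxy in front of RGW or the RGW frontend's access logging would produce) and flags GET requests whose Swift path ends in `//`, ignoring the query string. It assumes the default Swift URL prefix `swift` (the `rgw swift url prefix` option); a non-default prefix is passed in explicitly. Percent-encoded slashes are deliberately not decoded, because the advisory only describes literal slashes.

```python
"""Flag CVE-2021-3531-style requests in access logs from a Ceph RGW front end.

Added example, not part of the advisory or of Ceph itself. Assumptions:
  * log lines carry an HTTP request line in the form "METHOD /target HTTP/x.y",
    as in common/combined log format; the SAMPLE_LOG below is constructed;
  * the Swift prefix is the default "swift" unless the caller overrides it.
"""
import re

# Request line embedded in a common/combined log entry: "GET /path?query HTTP/1.1"
_REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def is_trigger_request(method, target, swift_prefix="swift"):
    """Return True when (method, target) matches the advisory's trigger:
    a GET whose Swift path, with the query string removed, ends in '//'.

    Only the path is inspected: the advisory states that query parameters do
    not prevent the crash and that the bucket name need not be valid.
    Literal slashes only; percent-encoded forms are not decoded (assumption).
    """
    if method != "GET":
        return False
    # Split on '?' rather than urlsplit(), so a target logged as '//host/...'
    # is not misread as scheme-relative URL with a netloc.
    path = target.split("?", 1)[0]
    if not path.startswith("/" + swift_prefix + "/"):
        return False
    return path.endswith("//")


def scan_access_log(lines, swift_prefix="swift"):
    """Return [(line_number, target)] for every line whose request line is a
    trigger request. Lines without a parseable request line are skipped."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = _REQUEST_LINE.search(line)
        if match is None:
            continue
        method, target = match.group("method"), match.group("target")
        if is_trigger_request(method, target, swift_prefix):
            hits.append((lineno, target))
    return hits


# Constructed sample: one legitimate object GET, two trigger requests (the
# second with a non-existent bucket and a query string), a PUT with a trailing
# double slash (not the advisory's trigger), and an S3-style path.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/May/2021:10:00:01 +0000] "GET /swift/v1/AUTH_test/bucket/obj HTTP/1.1" 200 512',
    '203.0.113.5 - - [14/May/2021:10:00:02 +0000] "GET /swift/v1/nosuchbucket//?format=json HTTP/1.1" 502 0',
    '203.0.113.5 - - [14/May/2021:10:00:03 +0000] "GET /swift/v1// HTTP/1.1" 502 0',
    '198.51.100.7 - - [14/May/2021:10:00:04 +0000] "PUT /swift/v1/AUTH_test/bucket// HTTP/1.1" 400 0',
    '198.51.100.7 - - [14/May/2021:10:00:05 +0000] "GET /bucket// HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for lineno, target in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: suspicious Swift request {target}")
```

Run against the constructed sample, only lines 2 and 3 are reported. The same predicate can be reused as a request filter on a reverse proxy while an upgrade is being scheduled, but that is an interim measure of the editor's choosing, not a mitigation the advisory describes; the fix is the upgrade.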
The impact is on availability only: a crafted request crashes the radosgw process, taking the Ceph Object Gateway offline for legitimate users until it is restarted. Because the request needs no valid bucket, the attacker can simply repeat it, so automatic restarts reduce the outage but do not remove it (CVE Mitre).
The flaw is fixed in the Nautilus, Octopus, and Pacific branches of Ceph. The mitigation is to upgrade: to 14.2.21 or later on Nautilus, or to the Octopus or Pacific point release that includes the corresponding fix. The fix commits are: Nautilus f44a8ae8aa27ecef69528db9aec220f12492810e, Octopus b87e64e3206210580f4a6df2d77f9ae3f1033039, and Pacific bf06990ab41d7ac299e4441ad9cd434e926a18e7 (Openwall OSS). When in doubt about a given build, checking whether the branch's commit is an ancestor of the deployed revision is more reliable than comparing version strings alone.
Source: This report was generated using AI