CVE-2024-47866
published 2025-11-12CVE-2024-47866: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ceph | ceph | <= 19.2.3 | — |
| ceph | ceph | >= 0 < 14.2.21-1+deb11u2 | 14.2.21-1+deb11u2 |
| ceph | ceph | >= 0 < 18.2.7+ds-1.1 | 18.2.7+ds-1.1 |
| debian | ceph | < ceph 14.2.21-1+deb11u2 (bullseye) | ceph 14.2.21-1+deb11u2 (bullseye) |
| msrc | azl3_ceph_18.2.2-11_on_azure_linux_3.0 | — | — |
| msrc | cbl2_ceph_16.2.10-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_ceph_16.2.10-11_on_cbl_mariner_2.0 | — | — |
| redhat | ceph | <= 19.2.3 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH