CVE-2024-47866

Severity: 7.5 HIGH
EPSS: 0.2% (top 59.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 12
Latest update: Feb 24

Description

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Debian | ceph | < 14.2.21-1+deb11u2+1
CVEListV5 | ceph/ceph | 19.2.3
NVD | redhat/ceph | 19.2.3

🔴 Vulnerability Details (3)

OSV: ceph vulnerabilities (2026-02-24)
CVEList: RGW DoS attack with empty HTTP header in S3 object copy (2025-11-12)
OSV: CVE-2024-47866: Ceph is a distributed object, block, and file storage platform (2025-11-12)

📋 Vendor Advisories (4)

Ubuntu: Ceph vulnerabilities (2026-02-24)
Red Hat: rgw: RGW DoS attack with empty HTTP header in S3 object copy (2025-11-12)
Microsoft: RGW DoS attack with empty HTTP header in S3 object copy (2025-11-11)
Debian: CVE-2024-47866: ceph - Ceph is a distributed object, block, and file storage platform. In versions up t... (2024)