VDB
DEBIAN-CVE-2024-47866
DEBIAN-CVE-2024-47866
PUBLISHED
CVSS 7.5 HIGH
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | ceph | 18.2.7+ds, 0, 18.2.7+ds-1 |
| Debian:11 | ceph | 14.2.21-1+deb11u1, 0, 14.2.21-1 |
| Debian:13 | ceph | 18.2.8+ds-1, 18.2.8+ds, 0 |
| Debian:12 | ceph | 18.2.1+ds-6, 18.2.1+ds-8, 18.2.1+ds-9 |
Timeline
- Nov 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated