Описание
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ceph | fixed | 18.2.7+ds-1.1 | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/11/11/3
https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
https://tracker.ceph.com/issues/72669
https://github.com/ceph/ceph/pull/65159
Fixed by: https://github.com/ceph/ceph/commit/bef59f17293e6e93af025eba1e00646d0b1a2bf0
EPSS
Связанные уязвимости
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Уязвимость демона RGW системы хранения данных Ceph, позволяющая нарушителю вызвать отказ в обслуживании
EPSS