CVE-2024-47866

Опубликовано: 12 нояб. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

Ссылки

https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
Exploit
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/11/11/3
Mailing List
https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*

Версия до 19.2.3 (включая)

EPSS

Процентиль: 38%

0.00163

Низкий

7.5 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2024-47866

CVSS3: 7.5

ubuntu

3 месяца назад

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVE-2024-47866

CVSS3: 7.5

msrc

3 месяца назад

RGW DoS attack with empty HTTP header in S3 object copy

CVE-2024-47866

CVSS3: 7.5

debian

3 месяца назад

Ceph is a distributed object, block, and file storage platform. In ver ...

ROS-20260122-73-0009

CVSS3: 7.5

redos

13 дней назад

Уязвимость ceph

BDU:2026-01023

CVSS3: 7.5

fstec

4 месяца назад

Уязвимость демона RGW системы хранения данных Ceph, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 38%

0.00163

Низкий

7.5 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo