exploitDog

CVE-2024-47866

Published: 12 Nov 2025
Source: redhat
CVSS3: 7.5

Description

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 4 | ceph | Out of support scope | | |
| Red Hat Ceph Storage 5 | ceph | Out of support scope | | |
| Red Hat Ceph Storage 6 | ceph | Will not fix | | |
| Red Hat Ceph Storage 9 | rgw | Affected | | |
| Red Hat Ceph Storage 7.1 | ceph | Fixed | RHSA-2026:2769 | 17.02.2026 |
| Red Hat Ceph Storage 8.1 | ceph | Fixed | RHSA-2025:21068 | 12.11.2025 |
| Red Hat Ceph Storage 8 | rhceph/rhceph-8-rhel9 | Fixed | RHSA-2025:21203 | 12.11.2025 |

Additional information

Status: Important
Defect: CWE-20
Bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=2392386 (rgw: RGW DoS attack with empty HTTP header in S3 object copy)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
5 months ago

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVSS3: 7.5
nvd
5 months ago

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVSS3: 7.5
msrc
5 months ago

RGW DoS attack with empty HTTP header in S3 object copy

CVSS3: 7.5
debian
5 months ago

Ceph is a distributed object, block, and file storage platform. In ver ...

CVSS3: 7.5
redos
3 months ago

ceph vulnerability
