Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Dec 11, 2025
RGW DoS attack with empty HTTP header in S3 object copy
CVE-2024-47866
Description
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.