VYPR
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Dec 11, 2025

RGW DoS attack with empty HTTP header in S3 object copy

CVE-2024-47866

Description

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Ceph/Cephllm-fuzzy2 versions
    <=19.2.3+ 1 more
    • (no CPE)range: <=19.2.3
    • (no CPE)range: <= 19.2.3
  • osv-coords
    Range: < 20.2.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.