CVE-2024-47866

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2024-47866 MGASA-2025-0333 RHSA-2025:21068 RHSA-2026:2769 UBUNTU-CVE-2024-47866 USN-8045-1

Analyzed

Published: 12 Nov 2025, 18:28

Last modified:11 Dec 2025, 15:35

Vulnerability Summary

Overall Risk (default)

medium

40/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.13% LOW

0% probability -0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

12 Nov 2025, 18:28

Published

Vulnerability first disclosed

11 Dec 2025, 15:35

Last Modified

Vulnerability information updated

Description

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.13%• Percentile: 32%

Techniques & Countermeasures

CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

ceph•ceph
≤ 19.2.3
redhat•ceph
≤ 19.2.3