Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Ceph Storage Platform: Crash Vulnerability via Invalid Object Upload
OESA-2026-1541
Summary
Ceph's storage platform can be made to crash if an attacker uploads an object with a specific, malformed request. This could allow an attacker to disrupt the service, making it unavailable to users. Update to the latest version of Ceph to fix this issue.
What to do
- Update ceph to version 18.2.2-11.oe2403sp3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | ceph | <= 18.2.2-11.oe2403sp3 | 18.2.2-11.oe2403sp3 |
Original title
ceph security update
Original description
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.
Security Fix(es):
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.(CVE-2024-47866)
Security Fix(es):
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.(CVE-2024-47866)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-47866 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026