Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Ceph Storage System Crashes from Malicious File Request
OESA-2026-1542
Summary
Ceph, an open-source storage system, can crash if a specific type of file is requested. This could allow an attacker to make the system stop working, causing data loss or disruption. No fixed version is available yet, so it's recommended to avoid using affected versions for now.
What to do
- Update ceph to version 16.2.7-25.oe2203sp4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | ceph | <= 16.2.7-25.oe2203sp4 | 16.2.7-25.oe2203sp4 |
Original title
ceph security update
Original description
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.
Security Fix(es):
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.(CVE-2024-47866)
Security Fix(es):
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.(CVE-2024-47866)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-47866 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026