18 matches found
CVE-2026-45042 RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...
Astra Linux - уязвимость в ceph
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
OESA-2026-1542 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...
OESA-2026-1541 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
SUSE CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
AZL-70058 CVE-2024-47866 affecting package ceph for versions less than 18.2.2-12
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
DEBIAN-CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
UBUNTU-CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
EUVD-2024-55069
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteri...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
Ceph 输入验证错误漏洞
Ceph is a file storage platform from Ceph open source. An input validation error vulnerability exists in Ceph 19.2.3 and earlier versions, which stems from improper handling of the x-amz-copy-source parameter and could lead to a denial of service...
PT-2025-46556
Name of the Vulnerable Software and Affected Versions Ceph affected versions not specified Description A denial-of-service issue exists in Ceph’s RGW component due to improper input validation. Specifically, providing an empty string as the content for the x-amz-copy-source argument when putting ...