{"id":"AZL-70193","summary":"CVE-2024-47866 affecting package ceph for versions less than 16.2.10-11","details":"Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.","modified":"2026-04-01T05:21:55.032225Z","published":"2025-11-12T19:15:34Z","upstream":["CVE-2024-47866"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47866"}],"affected":[{"package":{"name":"ceph","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/ceph"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.2.10-11"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70193.json"}}],"schema_version":"1.7.5"}