CVE Vulnerabilities

CVE-2014-5356

Published: Aug 25, 2014 | Modified: Jan 07, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
4 MODERATE
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

Affected Software

Name Vendor Start Version End Version
Image_registry_and_delivery_service_(glance) Openstack * 2013.2.3 (including)
Image_registry_and_delivery_service_(glance) Openstack 2013.2 (including) 2013.2 (including)
Image_registry_and_delivery_service_(glance) Openstack 2013.2.1 (including) 2013.2.1 (including)
Image_registry_and_delivery_service_(glance) Openstack 2013.2.2 (including) 2013.2.2 (including)
Image_registry_and_delivery_service_(glance) Openstack 2014.1 (including) 2014.1 (including)
Image_registry_and_delivery_service_(glance) Openstack 2014.1.1 (including) 2014.1.1 (including)
Image_registry_and_delivery_service_(glance) Openstack 2014.1.2 (including) 2014.1.2 (including)
Image_registry_and_delivery_service_(glance) Openstack juno-1 (including) juno-1 (including)
Image_registry_and_delivery_service_(glance) Openstack juno-2 (including) juno-2 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
OpenStack 4 for RHEL 6 RedHat openstack-glance-0:2013.2.4-1.el6ost *
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 RedHat openstack-glance-0:2014.1.2-5.el6ost *
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 RedHat openstack-glance-0:2014.1.2-3.el7ost *
Glance Ubuntu trusty *
Glance Ubuntu upstream *

References