CVE-2014-5356

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

Published: Aug 25, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-5356
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / image_registry_and_delivery_service_(glance)	juno-1	juno-1.x
openstack / image_registry_and_delivery_service_(glance)	-	2013.2.3.x
openstack / image_registry_and_delivery_service_(glance)	2014.1.2	2014.1.2.x
openstack / image_registry_and_delivery_service_(glance)	2013.2	2013.2.x
openstack / image_registry_and_delivery_service_(glance)	2013.2.1	2013.2.1.x
openstack / image_registry_and_delivery_service_(glance)	2013.2.2	2013.2.2.x
canonical / ubuntu_linux	14.04	14.04.x
openstack / image_registry_and_delivery_service_(glance)	2014.1.1	2014.1.1.x
openstack / image_registry_and_delivery_service_(glance)	juno-2	juno-2.x
openstack / image_registry_and_delivery_service_(glance)	2014.1	2014.1.x

Vulnerability Database

289,697

CVE-2014-5356