PT-2014-6432 · Openstack+1 · Openstack Image Registry/Delivery Service+1
Stuart Mclaren +1 · Published 2014-08-20 · Updated 2022-05-17 · CVE-2014-5356
CVSS v2.0: 4.0 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
OpenStack Image Registry and Delivery Service (Glance) versions prior to 2013.2.4
OpenStack Image Registry and Delivery Service (Glance) versions 2014.x prior to 2014.1.3
OpenStack Image Registry and Delivery Service (Glance) versions prior to Juno-3
Description
The issue allows remote authenticated users to cause a denial of service by consuming disk space through uploading large images, due to the improper enforcement of the image size cap configuration option when using the V2 API.
Recommendations
For versions prior to 2013.2.4, update to version 2013.2.4 or later to resolve the issue.
For versions 2014.x prior to 2014.1.3, update to version 2014.1.3 or later to resolve the issue.
For versions prior to Juno-3, update to Juno-3 or later to resolve the issue.
Fix
DoS
Affected Products
Openstack Image Registry/Delivery Service
Ubuntu