Vulnerability in Openstack Image_registry_and_delivery_service_\(glance\)
CVE-2014-5356
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authentic…
EPSS: 0.008 (74.5th percentile) — read the EPSS interpretation.
Affected products
- Openstack Image_registry_and_delivery_service_\(glance\) — versions 2013.2, 2013.2.1, 2013.2.2
- Canonical Ubuntu_linux — versions 14.04
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356) (mailing-list, x_refsource_MLIST)
- USN-2322-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2014:1337 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2014:1685 (x_refsource_REDHAT, vendor-advisory)
- 60743 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
- RHSA-2014:1338 (x_refsource_REDHAT, vendor-advisory)