CVE-2014-5356Improper Input Validation in Project Glance

CWE-264CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption12 documents8 sources
Severity
4.0MEDIUMNVD
EPSS
0.8%
top 25.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glance Project GlanceOpenstack Image Registry AND Delivery ServiceCanonical Ubuntu Linux
Timeline
PublishedAug 25
Latest updateMay 17

Description

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

PyPIglance_project/glance< 11.0.0a0
Debianglance_project/glance< 2014.1.3-1+3

Also affects: Ubuntu Linux 14.04

🔴Vulnerability Details

4
GHSA
OpenStack Glance improper validation of the image_size_cap configuration option2022-05-17
OSV
OpenStack Glance improper validation of the image_size_cap configuration option2022-05-17
OSV
CVE-2014-5356: OpenStack Image Registry and Delivery Service (Glance) before 20132014-08-25
CVEList
CVE-2014-5356: OpenStack Image Registry and Delivery Service (Glance) before 20132014-08-25

📋Vendor Advisories

3
Ubuntu
OpenStack Glance vulnerability2014-08-21
Red Hat
openstack-glance: Glance store disk space exhaustion2014-05-02
Debian
CVE-2014-5356: glance - OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x b...2014

💬Community

4
Bugzilla
CVE-2014-5356 openstack-glance: Glance store disk space exhaustion [epel-6]2014-08-20
Bugzilla
CVE-2014-5356 openstack-glance: Glance store disk space exhaustion2014-08-20
Bugzilla
CVE-2014-5356 openstack-glance: Glance store disk space exhaustion [fedora-20]2014-08-20
Bugzilla
CVE-2014-5356 openstack-glance: Glance store disk space exhaustion [fedora-19]2014-08-20
CVE-2014-5356 — Improper Input Validation | cvebase