CVE-2015-1881Uncontrolled Resource Consumption in Project Glance

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling10 documents7 sources
Severity
4.0MEDIUMNVD
EPSS
0.6%
top 31.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Glance Project GlanceOpenstack Image Registry AND Delivery Service
Timeline
PublishedFeb 24
Latest updateMay 17

Description

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDopenstack/image_registry_and_delivery_service2014.2, 2014.2.1, 2014.2.2+2
PyPIglance_project/glance< 11.0.0a0

🔴Vulnerability Details

5
OSV
OpenStack Glance Denial of service by creating a large number of images2022-05-17
GHSA
OpenStack Glance Denial of service by creating a large number of images2022-05-17
GHSA
OpenStack Glance Denial of service by creating a large number of images2022-05-17
CVEList
CVE-2015-1881: OpenStack Image Registry and Delivery Service (Glance) 20142015-02-24
OSV
CVE-2015-1881: OpenStack Image Registry and Delivery Service (Glance) 20142015-02-24

📋Vendor Advisories

3
Red Hat
openstack-glance: potential resource exhaustion and denial of service using images manipulation API2015-02-19
Red Hat
openstack-glance: potential resource exhaustion and denial of service using images manipulation API2015-02-19
Debian
CVE-2015-1881: glance - OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 d...2015

💬Community

1
Bugzilla
CVE-2014-9684 CVE-2015-1881 openstack-glance: potential resource exhaustion and denial of service using images manipulation API2015-02-20
CVE-2015-1881 — Uncontrolled Resource Consumption | cvebase