Denial of Service in OpenStack Image Registry and Delivery Service by Remote Authenticated Users
CVE-2014-5356

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\); Ubuntu Linux
Vendor: CVE Published:; 25 August 2014

Summary

OpenStack's Image Registry and Delivery Service (Glance), when using the V2 API, fails to appropriately enforce the image_size_cap configuration setting. This misconfiguration permits remote authenticated users to exploit the system by uploading excessively large images, ultimately leading to denial of service due to disk space exhaustion. This vulnerability could result in significant operational interruptions and must be addressed promptly to safeguard the integrity of the system.

References

http://www.openwall.com/lists/oss-security/2014/08/21/6

mailing-listx_refsource_MLIST

http://www.ubuntu.com/usn/USN-2322-1

vendor-advisoryx_refsource_UBUNTU

http://rhn.redhat.com/errata/RHSA-2014-1337.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Aug 25, 2014
Vulnerability Reserved
Aug 19, 2014