VYPR
Moderate severityNVD Advisory· Published Aug 25, 2014· Updated Jun 17, 2026

CVE-2014-5356

CVE-2014-5356

Description

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
glancePyPI
< 11.0.0a011.0.0a0

Affected products

11
  • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*range: <=2013.2.3
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • ghsa-coords
    Range: < 11.0.0a0

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.