High severityNVD Advisory· Published Feb 24, 2015· Updated Jun 17, 2026
CVE-2014-9684
CVE-2014-9684
Description
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glancePyPI | < 11.0.0a0 | 11.0.0a0 |
Affected products
21cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2.2:*:*:*:*:*:*:*
- ghsa-coords18 versionspkg:pypi/glancepkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-sahara&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-sahara-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-suse&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/python-oslo.i18n&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/python-oslotest&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/python-six&distro=SUSE%20OpenStack%20Cloud%205
< 11.0.0a0+ 17 more
- (no CPE)range: < 11.0.0a0
- (no CPE)range: < 2014.2.4.dev18-9.7
- (no CPE)range: < 2014.2.4.dev18-9.11
- (no CPE)range: < 2014.2.4.dev19-9.7
- (no CPE)range: < 2014.2.4.dev19-9.12
- (no CPE)range: < 2014.2.4.dev5-9.5
- (no CPE)range: < 2014.2.4.dev5-9.7
- (no CPE)range: < 2014.2.4.dev13-9.6
- (no CPE)range: < 2014.2.4.dev13-9.8
- (no CPE)range: < 2014.2.4.dev5-11.8
- (no CPE)range: < 2014.2.4.dev5-11.12
- (no CPE)range: < 2014.2.4.dev3-9.5
- (no CPE)range: < 2014.2.4.dev3-9.5
- (no CPE)range: < 2014.2-9.2
- (no CPE)range: < 1.3.1-9.6
- (no CPE)range: < 1.2.0-2.5
- (no CPE)range: < 1.4.0-14.2
- (no CPE)range: < 1.9.0-9.2
Patches
Vulnerability mechanics
References
9- bugs.launchpad.net/glance/+bug/1371118nvdExploitWEB
- lists.openstack.org/pipermail/openstack-announce/2015-February/000336.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-h737-q6g6-8wr6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-9684ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2015-0938.htmlnvdWEB
- github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5cghsaWEB
- github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yamlghsaWEB
- www.securityfocus.com/bid/72692nvd
News mentions
0No linked articles in our index yet.