High severity · NVD Advisory · Published Feb 24, 2015 · Updated May 6, 2026
CVE-2014-9684
Description
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| glance (PyPI) | < 11.0.0a0 | 11.0.0a0 |
Affected products
ghsa-coords (18 versions):
- pkg:pypi/glance
- pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-sahara&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-sahara-doc&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/openstack-suse&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/python-oslo.i18n&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/python-oslotest&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%205
- pkg:rpm/suse/python-six&distro=SUSE%20OpenStack%20Cloud%205
- (no CPE) range: < 11.0.0a0
- (no CPE) range: < 2014.2.4.dev18-9.7
- (no CPE) range: < 2014.2.4.dev18-9.11
- (no CPE) range: < 2014.2.4.dev19-9.7
- (no CPE) range: < 2014.2.4.dev19-9.12
- (no CPE) range: < 2014.2.4.dev5-9.5
- (no CPE) range: < 2014.2.4.dev5-9.7
- (no CPE) range: < 2014.2.4.dev13-9.6
- (no CPE) range: < 2014.2.4.dev13-9.8
- (no CPE) range: < 2014.2.4.dev5-11.8
- (no CPE) range: < 2014.2.4.dev5-11.12
- (no CPE) range: < 2014.2.4.dev3-9.5
- (no CPE) range: < 2014.2.4.dev3-9.5
- (no CPE) range: < 2014.2-9.2
- (no CPE) range: < 1.3.1-9.6
- (no CPE) range: < 1.2.0-2.5
- (no CPE) range: < 1.4.0-14.2
- (no CPE) range: < 1.9.0-9.2
Patches
a880c8e762e9 Initiate deletion of image files if the import was interrupted
1 file changed · +25 −15
glance/common/scripts/image_import/main.py+25 −15 modified@@ -22,6 +22,7 @@ from glance.api.v2 import images as v2_api from glance.common import exception from glance.common.scripts import utils as script_utils +from glance.common import store_utils from glance.common import utils as common_utils from glance import i18n from glance.openstack.common import excutils 
@@ -92,21 +93,30 @@ def import_image(image_repo, image_factory, task_input, task_id, uri): new_image = image_repo.get(image_id) set_image_data(new_image, uri, None) - # NOTE: Check if the Image is not deleted after setting the data - # before saving the active image. Here if image status is - # saving, then new_image is saved as it contains updated location, - # size, virtual_size and checksum information and the status of - # new_image is already set to active in set_image_data() call. - image = image_repo.get(image_id) - if image.status == 'saving': - image_repo.save(new_image) - return image_id - else: - msg = _LE("The Image %(image_id)s object being created by this task " - "%(task_id)s, is no longer in valid status for further " - "processing." % {"image_id": new_image.image_id, - "task_id": task_id}) - raise exception.Conflict(msg) + try: + # NOTE: Check if the Image is not deleted after setting the data + # before saving the active image. Here if image status is + # saving, then new_image is saved as it contains updated location, + # size, virtual_size and checksum information and the status of + # new_image is already set to active in set_image_data() call. + image = image_repo.get(image_id) + if image.status == 'saving': + image_repo.save(new_image) + return image_id + else: + msg = _("The Image %(image_id)s object being created by this task " + "%(task_id)s, is no longer in valid status for further " + "processing.") % {"image_id": image_id, + "task_id": task_id} + raise exception.Conflict(msg) + except (exception.Conflict, exception.NotFound): + with excutils.save_and_reraise_exception(): + if new_image.locations: + for location in new_image.locations: + store_utils.delete_image_location_from_backend( + new_image.context, + image_id, + location) def create_image(image_repo, image_factory, image_properties, task_id):
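Review bot: In the new except block of import_image, the loop over new_image.locations calls store_utils.delete_image_location_from_backend with no error handling of its own, so a failure on one location aborts the loop, leaves the data at the remaining locations in the store, and propagates out of the save_and_reraise_exception block. Consider wrapping each delete in its own try/except that logs the image_id and location and continues, so the cleanup is best-effort across every location. The `if new_image.locations:` guard is redundant with the for loop and can be dropped.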
7858d4d95154 Initiate deletion of image files if the import was interrupted
1 file changed · +25 −15
glance/common/scripts/image_import/main.py+25 −15 modified@@ -23,6 +23,7 @@ from glance.api.v2 import images as v2_api from glance.common import exception from glance.common.scripts import utils as script_utils +from glance.common import store_utils from glance.common import utils as common_utils from glance import i18n from glance.openstack.common import lockutils 
@@ -92,21 +93,30 @@ def import_image(image_repo, image_factory, task_input, task_id, uri): # Image object returned from create_image method does not have appropriate # factories wrapped around it. image_id = original_image.image_id - new_image = image_repo.get(image_id) - if new_image.status in ['saving']: - new_image.status = 'active' - new_image.size = original_image.size - new_image.virtual_size = original_image.virtual_size - new_image.checksum = original_image.checksum - else: - msg = _("The Image %(image_id)s object being created by this task " - "%(task_id)s, is no longer in valid status for further " - "processing.") % {"image_id": new_image.image_id, - "task_id": task_id} - raise exception.Conflict(msg) - image_repo.save(new_image) - - return image_id + try: + new_image = image_repo.get(image_id) + if new_image.status == 'saving': + new_image.status = 'active' + new_image.size = original_image.size + new_image.virtual_size = original_image.virtual_size + new_image.checksum = original_image.checksum + else: + msg = _("The Image %(image_id)s object being created by this task " + "%(task_id)s, is no longer in valid status for further " + "processing.") % {"image_id": new_image.image_id, + "task_id": task_id} + raise exception.Conflict(msg) + image_repo.save(new_image) + + return image_id + except (exception.Conflict, exception.NotFound): + with excutils.save_and_reraise_exception(): + if original_image.locations: + for location in original_image.locations: + store_utils.delete_image_location_from_backend( + original_image.context, + original_image.image_id, + location) def create_image(image_repo, image_factory, image_properties, task_id):
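Review bot: The except clause at the end of import_image handles only exception.Conflict and exception.NotFound, so if image_repo.save(new_image) fails for any other reason the data at original_image.locations stays in the backend, which is the disk-consumption outcome this change is meant to prevent. Consider running the location cleanup for any exception raised once the data has been stored, since save_and_reraise_exception still re-raises the original error, and log each image_id and location that is deleted so operators can audit the cleanup. The change touches only main.py; a unit test that deletes the image while it is in 'saving' and asserts that delete_image_location_from_backend is called for every location would guard this path against regressions.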
References
- bugs.launchpad.net/glance/+bug/1371118 [nvd, Exploit, WEB]
- lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html [nvd, Vendor Advisory, WEB]
- github.com/advisories/GHSA-h737-q6g6-8wr6 [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2014-9684 [ghsa, ADVISORY]
- rhn.redhat.com/errata/RHSA-2015-0938.html [nvd, WEB]
- github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c [ghsa, WEB]
- github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601 [ghsa, WEB]
- github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml [ghsa, WEB]
- www.securityfocus.com/bid/72692 [nvd]