CVE-2014-9684

Severity

40%

Complexity

80%

Confidentiality

48%

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

First reported 9 years ago

2015-02-24 15:59:00

Last updated 8 years ago

2017-01-03 02:59:00

Affected Software

OpenStack Image Registry and Delivery Service (Glance) 2014.2

2014.2

OpenStack Image Registry and Delivery Service (Glance) 2014.2.1

2014.2.1

OpenStack Image Registry and Delivery Service (Glance) 2014.2.2

2014.2.2

References

[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)

Vendor Advisory

RHSA-2015:0938

72692

https://bugs.launchpad.net/glance/+bug/1371118

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.