HIGH 7.5 PyPI
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
GHSA-g2j5-7vgx-6xrx · CVE-2015-5162
Published · Modified
Description
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. This issue is patched in Cinder 7.0.2 and 9.0.0; Glance 14.0.0; and Nova 12.0.4
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5162
- WEB https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
- WEB https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
- WEB https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
- WEB https://access.redhat.com/security/cve/CVE-2015-5162
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1268303
- WEB https://launchpad.net/bugs/1449062
- WEB http://rhn.redhat.com/errata/RHSA-2016-2923.html
- WEB http://rhn.redhat.com/errata/RHSA-2016-2991.html
- WEB http://rhn.redhat.com/errata/RHSA-2017-0153.html
- WEB http://rhn.redhat.com/errata/RHSA-2017-0156.html
- WEB http://rhn.redhat.com/errata/RHSA-2017-0165.html
- WEB http://rhn.redhat.com/errata/RHSA-2017-0282.html
- WEB http://www.openwall.com/lists/oss-security/2016/10/06/8
- WEB http://www.securityfocus.com/bid/76849
Ready to move
Start Securing
Free, no credit card | First findings in minutes