HIGH 7.5
GHSA-g2j5-7vgx-6xrx
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
Details
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. This issue is patched in Cinder 7.0.2 and 9.0.0; Glance 14.0.0; and Nova 12.0.4
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5162 [ADVISORY]
- https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5 [WEB]
- https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f [WEB]
- https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397 [WEB]
- https://access.redhat.com/security/cve/CVE-2015-5162 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=1268303 [WEB]
- https://launchpad.net/bugs/1449062 [WEB]
- http://rhn.redhat.com/errata/RHSA-2016-2923.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2016-2991.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2017-0153.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2017-0156.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2017-0165.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2017-0282.html [WEB]
- http://www.openwall.com/lists/oss-security/2016/10/06/8 [WEB]
- http://www.securityfocus.com/bid/76849 [WEB]