CVE-2015-3280: Missing Release of Resource after Effective Lifetime in Nova

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.8% (top 25.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 26
Latest update: May 14

Description

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 8.0 | Impact: 6.9

Affected Packages (4 packages)

NVD  openstack/nova  2014.2  2014.2.4  +1
PyPI  openstack/nova  2015.1.0  2015.1.2  +1
Debian  openstack/nova  < 1:12.0.0-2  +3
Ubuntu  openstack/nova  < 1:2014.1.5-0ubuntu1.7

🔴 Vulnerability Details (5)

OSV: OpenStack Compute (nova) allows remote authenticated users to cause a denial of service (2022-05-14)
GHSA: OpenStack Compute (nova) allows remote authenticated users to cause a denial of service (2022-05-14)
OSV: nova vulnerabilities (2017-10-11)
CVEList: CVE-2015-3280: OpenStack Compute (nova) before 2014 (2015-10-26)
OSV: CVE-2015-3280: OpenStack Compute (nova) before 2014 (2015-10-26)

📋 Vendor Advisories (4)

Ubuntu: OpenStack Nova vulnerabilities (2017-10-11)
Red Hat: openstack-nova: May fail to delete images in resize state regression (2016-09-21)
Red Hat: openstack-nova: Deleting instances in resize state fails (2015-09-01)
Debian: CVE-2015-3280: nova - OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (ki... (2015)

💬 Community (4)

Bugzilla: CVE-2016-7498 openstack-nova: May fail to delete images in resize state regression (2016-09-23)
Bugzilla: openstack-nova: Nova may fail to delete images in resize state regression (2016-09-21)
Bugzilla: CVE-2015-3280 openstack-nova: Deleting instances in resize state fails [fedora-all] (2015-09-14)
Bugzilla: CVE-2015-3280 openstack-nova: Deleting instances in resize state fails (2015-08-28)