CVE-2015-5162

CWE-399 CWE-400 — Uncontrolled Resource Consumption17 documents8 sources

Severity

7.5HIGH

EPSS

3.6%

top 12.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Glance Openstack Nova Openstack Cinder

Timeline

PublishedOct 7

Latest updateMay 14

Description

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDopenstack/nova12.0.3+1

▶NVDopenstack/glance11.0.0+2

▶NVDopenstack/cinder7.0.2, 8.0.0, 8.1.0+2

▶PyPInova< 12.0.4

▶PyPIcinder8.0.0 — 9.0.0+1

🔴Vulnerability Details

OSV

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption↗2022-05-14

▶

GHSA

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption↗2022-05-14

▶

OSV

nova vulnerabilities↗2017-10-11

▶

OSV

CVE-2015-5162: The image parser in OpenStack Cinder 7↗2016-10-07

▶

CVEList

CVE-2015-5162: The image parser in OpenStack Cinder 7↗2016-10-07

▶

📋Vendor Advisories

Ubuntu

OpenStack Nova vulnerabilities↗2017-10-11

▶

Red Hat

openstack-nova/glance/cinder: Malicious image may exhaust resources↗2015-06-29

▶

Debian

CVE-2015-5162: cinder - The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance befor...↗2015

▶

💬Community

Bugzilla

CVE-2018-10908 vdsm: calls to qemu-img are not protected by prlimit/ulimit↗2018-07-20

▶

Bugzilla

CVE-2015-5162 openstack-nova: openstack-nova/glance/cinder: Malicious image may exhaust resources [fedora-all]↗2016-10-07

▶

Bugzilla

CVE-2015-5162 openstack-nova: Malicious image causes OOM on the compute host [openstack-rdo]↗2016-10-07

▶

Bugzilla

CVE-2015-5162 openstack-cinder: openstack-nova: Malicious image causes OOM on the compute host [fedora-all]↗2016-10-07

▶

Bugzilla

CVE-2015-5162 openstack-cinder: openstack-nova: Malicious image causes OOM on the compute host [openstack-rdo]↗2016-10-07

▶