CVE-2016-7498
published 2016-09-27CVE-2016-7498: OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2:13.1.0-1 (bookworm) | nova 2:13.1.0-1 (bookworm) |
| openstack | compute | — | — |
| openstack | nova | >= 0 < 2:13.1.0-1 | 2:13.1.0-1 |
| openstack | nova | >= 0 < 2:13.1.0-1 | 2:13.1.0-1 |
| openstack | nova | >= 0 < 2:13.1.0-1 | 2:13.1.0-1 |
| openstack | nova | >= 0 < 2:13.1.0-1 | 2:13.1.0-1 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.8MEDIUM