CVE-2017-17051

CWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
8.6HIGH
EPSS
0.8%
top 25.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedDec 5
Latest updateMay 13

Description

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

NVDopenstack/nova16.0.3
PyPInova< 16.0.4
Debiannova< 2:16.0.3-6+3

🔴Vulnerability Details

4
OSV
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times2022-05-13
GHSA
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times2022-05-13
CVEList
CVE-2017-17051: An issue was discovered in the default FilterScheduler in OpenStack Nova 162017-12-05
OSV
CVE-2017-17051: An issue was discovered in the default FilterScheduler in OpenStack Nova 162017-12-05

📋Vendor Advisories

2
Red Hat
openstack-nova: Nova FilterScheduler doubles resource allocations during rebuild with new image2017-12-05
Debian
CVE-2017-17051: nova - An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3....2017

💬Community

1
Bugzilla
CVE-2017-17051 openstack-nova: Nova FilterScheduler doubles resource allocations during rebuild with new image2017-11-30
CVE-2017-17051 (HIGH CVSS 8.6) | An issue was discovered in the defa | cvebase.io