Lucene search

[email protected]CVE-2015-5162

HistoryOct 07, 2016 - 2:59 p.m.

CVE-2015-5162

2016-10-0714:59:00

CWE-399

[email protected]

web.nvd.nist.gov

openstack

cve-2015-5162

image parser

denial of service

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.023 Low

EPSS

Percentile

89.6%

JSON

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

CPENameOperatorVersion
openstack:novaopenstack novaeq13.0.0
openstack:novaopenstack novale12.0.3
openstack:glanceopenstack glanceeq11.0.1
openstack:cinderopenstack cindereq8.1.0
openstack:glanceopenstack glanceeq12.0.0
openstack:cinderopenstack cindereq8.0.0
openstack:glanceopenstack glancele11.0.0
openstack:cinderopenstack cindereq7.0.2

CPE	Name	Operator	Version
openstack:nova	openstack nova	eq	13.0.0
openstack:nova	openstack nova	le	12.0.3
openstack:glance	openstack glance	eq	11.0.1
openstack:cinder	openstack cinder	eq	8.1.0
openstack:glance	openstack glance	eq	12.0.0
openstack:cinder	openstack cinder	eq	8.0.0
openstack:glance	openstack glance	le	11.0.0
openstack:cinder	openstack cinder	eq	7.0.2