7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.023 Low
EPSS
Percentile
89.6%
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. This issue is patched in Cinder 7.0.2 and 9.0.0; Glance 14.0.0; and Nova 12.0.4
rhn.redhat.com/errata/RHSA-2016-2923.html
rhn.redhat.com/errata/RHSA-2016-2991.html
rhn.redhat.com/errata/RHSA-2017-0153.html
rhn.redhat.com/errata/RHSA-2017-0156.html
rhn.redhat.com/errata/RHSA-2017-0165.html
rhn.redhat.com/errata/RHSA-2017-0282.html
www.openwall.com/lists/oss-security/2016/10/06/8
www.securityfocus.com/bid/76849
access.redhat.com/security/cve/CVE-2015-5162
bugzilla.redhat.com/show_bug.cgi?id=1268303
github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
launchpad.net/bugs/1449062
nvd.nist.gov/vuln/detail/CVE-2015-5162
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.023 Low
EPSS
Percentile
89.6%