openstack-nova/glance/cinder: Malicious image may exhaust resources

🗓️ 19 Jan 2017 13:20:36Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

A vulnerability in OpenStack services using qemu-img lets unprivileged users exhaust RAM and risk host memory failure.

Reporter	Title	Published	Views	Family All 46
IBM Security Bulletins	Security Bulletin: OpenStack Cinder/Glance/Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2015-5162)	8 Aug 201804:13	–	ibm
CNVD	OpenStack qemu-imge security bypass vulnerability	8 Jan 201600:00	–	cnvd
CVE	CVE-2015-5162	7 Oct 201614:00	–	cve
Cvelist	CVE-2015-5162	7 Oct 201614:00	–	cvelist
Debian CVE	CVE-2015-5162	7 Oct 201614:00	–	debiancve
EUVD	EUVD-2022-3861	3 Oct 202520:07	–	euvd
Github Security Blog	OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption	14 May 202203:59	–	github
NVD	CVE-2015-5162	7 Oct 201614:59	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-3449-1)	12 Oct 201700:00	–	openvas
OSV	DEBIAN-CVE-2015-5162	7 Oct 201614:59	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	any	openstack-cinder	0:2014.1.5-9.el7ost.noarch	openstack-cinder-0:2014.1.5-9.el7ost.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	openstack-cinder-doc	0:2014.1.5-9.el7ost.noarch	openstack-cinder-doc-0:2014.1.5-9.el7ost.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	python-cinder	0:2014.1.5-9.el7ost.noarch	python-cinder-0:2014.1.5-9.el7ost.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2015-5162
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-5162
cve	www.cve.org/CVERecord

28 Jun 2026 12:28Current

5.7Medium risk

Vulners AI Score5.7

CVSS 37.5

CVSS 27.8

EPSS0.03062

OpenStack Compute OpenStack Block Storage OpenStack Image Memory exhaustion Process limits Malicious image