Lucene search

Veracode Vulnerability DatabaseVERACODE:12243

HistoryJan 15, 2019 - 9:14 a.m.

Denial Of Service (DoS)

2019-01-1509:14:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

OpenStack Compute (nova) is vulnerable to denial of service (DoS) attack. It is possible because it does not restrict qemu-ing calls to consume as much as 4 GB of RAM on the compute host by uploading a malicious image, leading to out-of-memory errors and negatively affect other running tenant instances.

CPENameOperatorVersion
openstack-cindereq2014.1.4__1.el6ost
openstack-cindereq2014.1.1__1.el6ost
openstack-cindereq11.1.1__1.el7
openstack-cindereq2013.2.4__2.el6ost
openstack-cindereq11.0.2__1.el7
openstack-cindereq2014.1.2__2.el6ost
openstack-cindereq8.1.1__1.el7ost
openstack-cindereq2013.2.3__2.el6ost
openstack-cindereq2012.2.3__6.el6ost
openstack-cindereq2013.1.2__3.el6ost

Name	Operator	Version
openstack-cinder	eq	2014.1.4__1.el6ost
openstack-cinder	eq	2014.1.1__1.el6ost
openstack-cinder	eq	11.1.1__1.el7
openstack-cinder	eq	2013.2.4__2.el6ost
openstack-cinder	eq	11.0.2__1.el7
openstack-cinder	eq	2014.1.2__2.el6ost
openstack-cinder	eq	8.1.1__1.el7ost
openstack-cinder	eq	2013.2.3__2.el6ost
openstack-cinder	eq	2012.2.3__6.el6ost
openstack-cinder	eq	2013.1.2__3.el6ost

Rows per page:

1-10 of 4781

References

rhn.redhat.com/errata/RHSA-2016-2923.html

rhn.redhat.com/errata/RHSA-2016-2991.html

rhn.redhat.com/errata/RHSA-2017-0153.html

rhn.redhat.com/errata/RHSA-2017-0156.html

rhn.redhat.com/errata/RHSA-2017-0165.html

rhn.redhat.com/errata/RHSA-2017-0282.html

www.openwall.com/lists/oss-security/2016/10/06/8

www.securityfocus.com/bid/76849

access.redhat.com/errata/RHSA-2016:2923

access.redhat.com/errata/RHSA-2016:2991

access.redhat.com/errata/RHSA-2017:0153

access.redhat.com/errata/RHSA-2017:0156

access.redhat.com/errata/RHSA-2017:0165

access.redhat.com/errata/RHSA-2017:0282

access.redhat.com/security/cve/CVE-2015-5162

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1268303

bugzilla.redhat.com/show_bug.cgi?id=1357461

bugzilla.redhat.com/show_bug.cgi?id=1379385

bugzilla.redhat.com/show_bug.cgi?id=1381466

bugzilla.redhat.com/show_bug.cgi?id=1381534

bugzilla.redhat.com/show_bug.cgi?id=1381965

bugzilla.redhat.com/show_bug.cgi?id=1383899

bugzilla.redhat.com/show_bug.cgi?id=1385486

bugzilla.redhat.com/show_bug.cgi?id=1386263

bugzilla.redhat.com/show_bug.cgi?id=1387467

bugzilla.redhat.com/show_bug.cgi?id=1387617

bugzilla.redhat.com/show_bug.cgi?id=1390109

bugzilla.redhat.com/show_bug.cgi?id=1396263

launchpad.net/bugs/1449062

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for VERACODE:12243