PyPi: Cinder

CVE-2015-5162

Safety vulnerability ID: 35629

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 07, 2016 Updated at Dec 05, 2024

Advisory

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Affected package

cinder

Latest version: 25.0.0

OpenStack Block Storage

Affected versions

Fixed versions

Vulnerability changelog

MLIST:[oss-security] 20161006 [OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162): http://www.openwall.com/lists/oss-security/2016/10/06/8
CONFIRM: https://launchpad.net/bugs/1449062
REDHAT:RHSA-2016:2923: http://rhn.redhat.com/errata/RHSA-2016-2923.html
REDHAT:RHSA-2016:2991: http://rhn.redhat.com/errata/RHSA-2016-2991.html
REDHAT:RHSA-2017:0153: http://rhn.redhat.com/errata/RHSA-2017-0153.html
REDHAT:RHSA-2017:0156: http://rhn.redhat.com/errata/RHSA-2017-0156.html
REDHAT:RHSA-2017:0165: http://rhn.redhat.com/errata/RHSA-2017-0165.html
REDHAT:RHSA-2017:0282: http://rhn.redhat.com/errata/RHSA-2017-0282.html
BID:76849: http://www.securityfocus.com/bid/76849

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.8
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): COMPLETE