NVD

Id
26408  
Name
CVE-2015-5162  
Description
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:C)  
Pub Date
2017-01-19  
Published
2016-10-07  
Modified Date
2016-10-11  
Seq
2015-5162  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
139603 26408 CVE-2015-5162 [oss-security] 20161006 OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162)  View
139604 26408 CVE-2015-5162 https://launchpad.net/bugs/1449062  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11958 JVNDB-2015-007279 複数の OpenStack 製品のイメージパーサにおけるサービス運用妨害 (DoS) の脆弱性 OpenStack Cinder、Glance、および Nova のイメージパーサは、qemu-img の呼び出しを適切に制限しないため、サービス運用妨害 (メモリおよびディスクの消費) 状態にされる脆弱性が存在します。 CVE-2015-5162 82387 CVE-2015-5162 26408 7.8 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-007279.html 2015-04-27 2016-10-19 View