[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-5162Date: (C)2016-10-18   (M)2023-12-22


The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 7.8
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
BID-76849
RHSA-2016:2923
RHSA-2016:2991
RHSA-2017:0153
RHSA-2017:0156
RHSA-2017:0165
RHSA-2017:0282
http://www.openwall.com/lists/oss-security/2016/10/06/8
https://launchpad.net/bugs/1449062

CWE    1
CWE-399
OVAL    2
oval:org.secpod.oval:def:52889
oval:org.secpod.oval:def:703841

© SecPod Technologies