ID CVE-2015-5162
Summary The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:alpha0:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:12.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:cinder:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:cinder:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:alpha0:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:glance:11.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:cinder:7.0.2:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 13-02-2023 - 00:50)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2016:2923
  • rhsa
    id RHSA-2016:2991
  • rhsa
    id RHSA-2017:0153
  • rhsa
    id RHSA-2017:0156
  • rhsa
    id RHSA-2017:0165
  • rhsa
    id RHSA-2017:0282
rpms
  • openstack-cinder-1:8.1.1-4.el7ost
  • openstack-glance-1:12.0.0-2.el7ost
  • python-cinder-1:8.1.1-4.el7ost
  • python-cinder-tests-1:8.1.1-4.el7ost
  • python-glance-1:12.0.0-2.el7ost
  • python-glance-tests-1:12.0.0-2.el7ost
  • openstack-cinder-1:7.0.3-1.el7ost
  • openstack-glance-1:11.0.1-6.el7ost
  • openstack-nova-1:12.0.5-9.el7ost
  • openstack-nova-api-1:12.0.5-9.el7ost
  • openstack-nova-cells-1:12.0.5-9.el7ost
  • openstack-nova-cert-1:12.0.5-9.el7ost
  • openstack-nova-common-1:12.0.5-9.el7ost
  • openstack-nova-compute-1:12.0.5-9.el7ost
  • openstack-nova-conductor-1:12.0.5-9.el7ost
  • openstack-nova-console-1:12.0.5-9.el7ost
  • openstack-nova-network-1:12.0.5-9.el7ost
  • openstack-nova-novncproxy-1:12.0.5-9.el7ost
  • openstack-nova-objectstore-1:12.0.5-9.el7ost
  • openstack-nova-scheduler-1:12.0.5-9.el7ost
  • openstack-nova-serialproxy-1:12.0.5-9.el7ost
  • openstack-nova-spicehtml5proxy-1:12.0.5-9.el7ost
  • python-cinder-1:7.0.3-1.el7ost
  • python-glance-1:11.0.1-6.el7ost
  • python-nova-1:12.0.5-9.el7ost
  • openstack-cinder-0:2014.1.5-9.el7ost
  • openstack-cinder-doc-0:2014.1.5-9.el7ost
  • python-cinder-0:2014.1.5-9.el7ost
  • openstack-cinder-0:2014.2.4-11.el7ost
  • openstack-cinder-doc-0:2014.2.4-11.el7ost
  • python-cinder-0:2014.2.4-11.el7ost
  • openstack-cinder-0:2014.1.5-9.el6ost
  • openstack-cinder-doc-0:2014.1.5-9.el6ost
  • python-cinder-0:2014.1.5-9.el6ost
  • openstack-cinder-0:2015.1.3-12.el7ost
  • openstack-cinder-doc-0:2015.1.3-12.el7ost
  • openstack-glance-0:2015.1.2-3.el7ost
  • openstack-glance-doc-0:2015.1.2-3.el7ost
  • openstack-nova-0:2015.1.4-32.el7ost
  • openstack-nova-api-0:2015.1.4-32.el7ost
  • openstack-nova-cells-0:2015.1.4-32.el7ost
  • openstack-nova-cert-0:2015.1.4-32.el7ost
  • openstack-nova-common-0:2015.1.4-32.el7ost
  • openstack-nova-compute-0:2015.1.4-32.el7ost
  • openstack-nova-conductor-0:2015.1.4-32.el7ost
  • openstack-nova-console-0:2015.1.4-32.el7ost
  • openstack-nova-doc-0:2015.1.4-32.el7ost
  • openstack-nova-network-0:2015.1.4-32.el7ost
  • openstack-nova-novncproxy-0:2015.1.4-32.el7ost
  • openstack-nova-objectstore-0:2015.1.4-32.el7ost
  • openstack-nova-scheduler-0:2015.1.4-32.el7ost
  • openstack-nova-serialproxy-0:2015.1.4-32.el7ost
  • openstack-nova-spicehtml5proxy-0:2015.1.4-32.el7ost
  • python-cinder-0:2015.1.3-12.el7ost
  • python-glance-0:2015.1.2-3.el7ost
  • python-nova-0:2015.1.4-32.el7ost
  • python-oslo-concurrency-0:1.8.2-2.el7ost
  • python-oslo-concurrency-doc-0:1.8.2-2.el7ost
refmap via4
bid 76849
confirm https://launchpad.net/bugs/1449062
mlist [oss-security] 20161006 [OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162)
Last major update 13-02-2023 - 00:50
Published 07-10-2016 - 14:59
Last modified 13-02-2023 - 00:50