Vulnerability Description
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Cinder | 7.0.2 |
| Openstack | Glance | <= 11.0.0 |
| Openstack | Nova | <= 12.0.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2923.html
- http://rhn.redhat.com/errata/RHSA-2016-2991.html
- http://rhn.redhat.com/errata/RHSA-2017-0153.html
- http://rhn.redhat.com/errata/RHSA-2017-0156.html
- http://rhn.redhat.com/errata/RHSA-2017-0165.html
- http://rhn.redhat.com/errata/RHSA-2017-0282.html
- http://www.openwall.com/lists/oss-security/2016/10/06/8Third Party Advisory
- http://www.securityfocus.com/bid/76849
- https://launchpad.net/bugs/1449062Exploit
- http://rhn.redhat.com/errata/RHSA-2016-2923.html
- http://rhn.redhat.com/errata/RHSA-2016-2991.html
- http://rhn.redhat.com/errata/RHSA-2017-0153.html
- http://rhn.redhat.com/errata/RHSA-2017-0156.html
- http://rhn.redhat.com/errata/RHSA-2017-0165.html
- http://rhn.redhat.com/errata/RHSA-2017-0282.html
FAQ
What is CVE-2015-5162?
CVE-2015-5162 is a vulnerability with a CVSS score of 7.5 (HIGH). The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attacke...
How severe is CVE-2015-5162?
CVE-2015-5162 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5162?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Cinder, Openstack Glance, Openstack Nova.