Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
| Software | From | Fixed in |
|---|---|---|
| openstack / nova | 13.0.0 | 13.0.0.x |
| openstack / nova | - | 12.0.3.x |
| openstack / glance | 11.0.1 | 11.0.1.x |
| openstack / cinder | 8.1.0 | 8.1.0.x |
| openstack / glance | 12.0.0 | 12.0.0.x |
| openstack / cinder | 8.0.0 | 8.0.0.x |
| openstack / glance | - | 11.0.0.x |
| openstack / cinder | 7.0.2 | 7.0.2.x |
cinder
|
- | 7.0.2 |
|
cinder
|
8.0.0 | 9.0.0 |
|
glance
|
- | 14.0.0 |
|
nova
|
- | 12.0.4 |
- http://rhn.redhat.com/errata/RHSA-2016-2923.html
- http://rhn.redhat.com/errata/RHSA-2016-2991.html
- http://rhn.redhat.com/errata/RHSA-2017-0153.html
- http://rhn.redhat.com/errata/RHSA-2017-0156.html
- http://rhn.redhat.com/errata/RHSA-2017-0165.html
- http://rhn.redhat.com/errata/RHSA-2017-0282.html
- http://www.openwall.com/lists/oss-security/2016/10/06/8
- http://www.securityfocus.com/bid/76849
- https://access.redhat.com/security/cve/CVE-2015-5162
- https://bugzilla.redhat.com/show_bug.cgi?id=1268303
- https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
- https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
- https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
- https://launchpad.net/bugs/1449062