CVE-2015-5162

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2015-5162
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-5162.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2015-5162
Aliases
Related
Published
2016-10-07T14:59:01Z
Modified
2024-11-17T10:00:21Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

References

Affected packages

Debian:11 / cinder

Package

Name
cinder
Purl
pkg:deb/debian/cinder?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:8.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / cinder

Package

Name
cinder
Purl
pkg:deb/debian/cinder?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:8.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / cinder

Package

Name
cinder
Purl
pkg:deb/debian/cinder?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:8.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / glance

Package

Name
glance
Purl
pkg:deb/debian/glance?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:12.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:12 / glance

Package

Name
glance
Purl
pkg:deb/debian/glance?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:12.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:13 / glance

Package

Name
glance
Purl
pkg:deb/debian/glance?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:12.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:11 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:12 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:13 / nova

Package

Name
nova
Purl
pkg:deb/debian/nova?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.0-1

Ecosystem specific 

{
    "urgency": "low"
}