CVE 2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
Related bugs and status
CVE-2015-5162 (Candidate) is related to these bugs:
Bug #1449062: [OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)
Bug #1597254: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1597254 | qemu-img calls need to be restricted by ulimit (CVE-2015-5162) | Mirantis OpenStack | Medium | Fix Released | ||
1597254 | qemu-img calls need to be restricted by ulimit (CVE-2015-5162) | Mirantis OpenStack 8.0.x | Medium | Won't Fix | ||
1597254 | qemu-img calls need to be restricted by ulimit (CVE-2015-5162) | Mirantis OpenStack 9.x | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.