Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12cTc2LXJ4eDMtNHI0cs4AASJX
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
Permalink: https://github.com/advisories/GHSA-vq76-rxx3-4r4r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cTc2LXJ4eDMtNHI0cs4AASJX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 6 months ago
CVSS Score: 8.6
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Identifiers: GHSA-vq76-rxx3-4r4r, CVE-2017-17051
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-17051
- https://launchpad.net/bugs/1732976
- https://review.openstack.org/521662
- https://review.openstack.org/523214
- https://security.openstack.org/ossa/OSSA-2017-006.html
- http://www.securityfocus.com/bid/102102
- https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
- https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
- https://github.com/advisories/GHSA-vq76-rxx3-4r4r
Blast Radius: 13.8
Affected Packages
pypi:nova
Dependent packages: 0
Dependent repositories: 40
Downloads: 7,869 last month
Affected Version Ranges: < 16.0.4
Fixed in: 16.0.4
All affected versions: 15.1.5
All unaffected versions: 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 27.5.1, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 30.0.0