Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-17051

Опубликовано: 05 дек. 2017
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

Отчет

This vulnerability was caused by the fix for a prior vulnerability (CVE-2017-16239). No patches for the earlier vulnerability were released for Red Hat OpenStack before the discover of the new vulnerability. Therefore, current versions of Red Hat OpenStack are not affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)openstack-novaNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)openstack-novaNot affected
Red Hat OpenStack Platform 10 (Newton)openstack-novaNot affected
Red Hat OpenStack Platform 11 (Ocata)openstack-novaNot affected
Red Hat OpenStack Platform 12 (Pike)openstack-novaNot affected
Red Hat OpenStack Platform 8 (Liberty)openstack-novaNot affected
Red Hat OpenStack Platform 9 (Mitaka)openstack-novaNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1519231openstack-nova: Nova FilterScheduler doubles resource allocations during rebuild with new image

EPSS

Процентиль: 74%
0.00841
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-17051

CVSS3: 8.6
ubuntu
около 8 лет назад

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

nvd логотип

CVE-2017-17051

CVSS3: 8.6
nvd
около 8 лет назад

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

debian логотип

CVE-2017-17051

CVSS3: 8.6
debian
около 8 лет назад

An issue was discovered in the default FilterScheduler in OpenStack No ...

github логотип

GHSA-vq76-rxx3-4r4r

CVSS3: 8.6
github
больше 3 лет назад

OpenStack Nova DoS by rebuilding the same instance with a new image multiple times

EPSS

Процентиль: 74%
0.00841
Низкий

5.3 Medium

CVSS3