CVE-2017-5936

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-5936

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5936.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5936

Aliases

Downstream

UBUNTU-CVE-2017-5936

USN-3195-1

Published

2017-04-12T22:59:00.740Z

Modified

2026-04-02T00:14:10.217120Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

References

Affected packages

Git / github.com/openstack-archive/nova-lxd

Affected ranges

Type: GIT
Repo: https://github.com/openstack-archive/nova-lxd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1b76cefb92081efa1e88cd8f330253f857028bd2

Type

GIT

Repo

https://github.com/openstack/nova-lxd

Events

Introduced

Last affected

0355e1c22bc93d05f4351b7a77cb70f563e1f8b0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.1.0"
        }
    ]
}

Affected versions

13.*

13.0.1

13.1

13.1.0

13.2.0

14.*

14.0.0

14.0.0.0

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

14.0.1

14.1.0

14.2.0

14.2.1

14.2.2

15.*

15.0.0

15.0.0.0rc1

15.0.1

15.0.2

16.*

16.0.0

16.0.0.0b1

16.0.0.0rc1

17.*

17.0.0

17.0.0.0rc1

17.0.1

18.*

18.0.0

18.0.0.0rc1

18.0.0.0rc2

18.0.1

19.*

19.0.0

19.0.0.0rc1

Other

newton-eol

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5936.json"