GHSA-4g73-w726-53h3

Source
https://github.com/advisories/GHSA-4g73-w726-53h3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-4g73-w726-53h3/GHSA-4g73-w726-53h3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4g73-w726-53h3
Aliases
  • CVE-2026-44919
Published
2026-05-14T03:32:08Z
Modified
2026-06-08T20:15:14.542246459Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices
Details

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

Database specific
{
    "nvd_published_at": "2026-05-14T02:17:21Z",
    "cwe_ids": [
        "CWE-696"
    ],
    "github_reviewed_at": "2026-05-19T20:15:08Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}
References

Affected packages

PyPI / ironic

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
36.0.0

Affected versions

0.*
0.0
9.*
9.1.6
9.1.7
10.*
10.1.7
10.1.8
10.1.9
10.1.10
11.*
11.1.1
11.1.2
11.1.3
11.1.4
12.*
12.0.0
12.1.0
12.1.1
12.1.2
12.1.3
12.1.4
12.1.5
12.1.6
12.2.0
13.*
13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5
13.0.6
13.0.7
14.*
14.0.0
15.*
15.0.0
15.0.1
15.0.2
15.1.0
15.2.0
16.*
16.0.0
16.0.1
16.0.2
16.0.3
16.0.4
16.0.5
16.1.0
16.2.0
17.*
17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.1.0
18.*
18.0.0
18.1.0
18.2.0
18.2.1
18.2.2
18.3.0
19.*
19.0.0
20.*
20.0.0
20.1.0
20.1.1
20.1.2
20.1.3
20.2.0
21.*
21.0.0
21.1.0
21.1.1
21.1.2
21.2.0
21.3.0
21.4.0
21.4.1
21.4.2
21.4.3
21.4.4
22.*
22.0.0
22.1.0
23.*
23.0.0
23.0.1
23.0.2
23.0.3
23.0.4
23.0.5
23.1.0
24.*
24.0.0
24.1.0
24.1.1
24.1.2
24.1.3
24.1.4
24.1.5
25.*
25.0.0
26.*
26.0.0
26.1.0
26.1.1
26.1.2
26.1.3
26.1.4
26.1.5
26.1.6
27.*
27.0.0
28.*
28.0.0
29.*
29.0.0
29.0.1
29.0.2
29.0.3
29.0.4
29.0.5
30.*
30.0.0
31.*
31.0.0
32.*
32.0.0
32.0.1
33.*
33.0.0
34.*
34.0.0
35.*
35.0.0
35.0.1
36.*
36.0.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-4g73-w726-53h3/GHSA-4g73-w726-53h3.json"