GHSA-92hc-c226-32q7

Source

https://github.com/advisories/GHSA-92hc-c226-32q7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92hc-c226-32q7/GHSA-92hc-c226-32q7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-92hc-c226-32q7

Aliases

CVE-2014-3608

Published

2022-05-14T01:58:45Z

Modified

2023-11-08T03:57:39.633811Z

Summary

OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service

Details

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

References

Affected packages

PyPI / nova

Package

Name: nova; View open source insights on deps.dev
Purl: pkg:pypi/nova

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.1.3

Affected versions

15.*

15.1.5

16.*

16.1.6

16.1.7

16.1.8

17.*

17.0.7

17.0.8

17.0.9

17.0.10

17.0.11

17.0.12

17.0.13

18.*

18.0.2

18.0.3

18.1.0

18.2.0

18.2.1

18.2.2

18.2.3

18.3.0

19.*

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.0.1

19.0.2

19.0.3

19.1.0

19.2.0

19.3.0

19.3.1

19.3.2

20.*

20.0.0.0rc1

20.0.0.0rc2

20.0.0

20.0.1

20.1.0

20.1.1

20.2.0

20.3.0

20.4.0

20.4.1

20.5.0

20.6.0

20.6.1

21.*

21.0.0.0rc1

21.0.0.0rc2

21.0.0

21.1.0

21.1.1

21.1.2

21.2.0

21.2.1

21.2.2

21.2.3

21.2.4

22.*

22.0.0.0rc1

22.0.0

22.0.1

22.1.0

22.2.0

22.2.1

22.2.2

22.3.0

22.4.0

23.*

23.0.0.0rc1

23.0.0.0rc2

23.0.0

23.0.1

23.0.2

23.1.0

23.2.0

23.2.1

23.2.2

24.*

24.0.0.0rc1

24.0.0.0rc2

24.0.0

24.1.0

24.1.1

24.2.0

25.*

25.0.0.0rc1

25.0.0

25.0.1

25.1.0

26.*

26.0.0.0rc1

26.0.0.0rc2

26.0.0

26.1.0

27.*

27.0.0.0rc1

27.0.0