CVE-2017-17051

EPSS 0.84%
Veröffentlicht 05.12.2017 18:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Nova Version16.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.725

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.securityfocus.com/bid/102102

Third Party Advisory

VDB Entry

https://launchpad.net/bugs/1732976

Third Party Advisory

Issue Tracking

https://review.openstack.org/521662

Vendor Advisory

https://review.openstack.org/523214

Vendor Advisory

https://security.openstack.org/ossa/OSSA-2017-006.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-17051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17051

EUVD