8.6

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNova Version16.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.97% 0.779
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://www.securityfocus.com/bid/102102
Third Party Advisory
VDB Entry
https://launchpad.net/bugs/1732976
Third Party Advisory
Issue Tracking
https://review.openstack.org/521662
Vendor Advisory
https://review.openstack.org/523214
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2017-006.html
Vendor Advisory