Vulnerabilities > CVE-2016-7498 - Resource Management Errors vulnerability in Openstack Compute (Nova) 13.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

openstack

CWE-399

NVD

Published: 2016-09-27

Updated: 2023-11-07

Summary

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Compute (Nova) 13.0.0	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.securityfocus.com/bid/93068
http://www.openwall.com/lists/oss-security/2016/09/21/8
https://security.openstack.org/ossa/OSSA-2016-011.html
http://www.openwall.com/lists/oss-security/2016/09/23/1