CVE-2014-8333
openstack-nova: Nova VMware instance in resize state may leak
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
El controlador VMware en OpenStack Compute (Nova) anterior a 2014.1.4 permite a usuarios remotos autenticados causar una denegaciĆ³n de servicio (consumo de disco) mediante la eliminaciĆ³n de un instancia en el estado resize.
A flaw was found in the OpenStack Compute (nova) VMWare driver, which could allow an authenticated user to delete an instance while it was in the resize state, causing the instance to remain on the back end. A malicious user could use this flaw to cause a denial of service by exhausting all available resources on the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-10-20 CVE Reserved
- 2014-10-31 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://bugs.launchpad.net/nova/+bug/1359138 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html | 2019-04-22 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0843.html | 2019-04-22 | |
| http://rhn.redhat.com/errata/RHSA-2015-0844.html | 2019-04-22 | |
| https://access.redhat.com/security/cve/CVE-2014-8333 | 2015-04-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1154890 | 2015-04-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 2014.1 < 2014.1.4 Search vendor "Openstack" for product "Nova" and version " >= 2014.1 < 2014.1.4" | - |
Affected
| ||||||