CVE-2014-8333
First published: Fri Oct 31 2014(Updated: )
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/nova | <12.0.0a0 | 12.0.0a0 |
| Red Hat OpenStack for IBM Power | =5.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| OpenStack Nova-LXD | >=2014.1<2014.1.4 | |
| All of | ||
| Any of | ||
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat OpenStack for IBM Power | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
- http://rhn.redhat.com/errata/RHSA-2015-0843.html
- http://rhn.redhat.com/errata/RHSA-2015-0844.html
- http://secunia.com/advisories/60531
- https://bugs.launchpad.net/nova/+bug/1359138
- https://nvd.nist.gov/vuln/detail/CVE-2014-8333
- https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
- https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
- https://github.com/advisories/GHSA-g63p-mfcm-54c4 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2014-8333?
CVE-2014-8333 has a medium severity level as it allows authenticated users to exploit resources, causing denial of service by consuming disk space.
How do I fix CVE-2014-8333?
To fix CVE-2014-8333, update your OpenStack Nova to version 2014.1.4 or later.
Which versions of Nova are affected by CVE-2014-8333?
CVE-2014-8333 affects all versions of Nova prior to 2014.1.4.
Can Red Hat Enterprise Linux versions be affected by CVE-2014-8333?
Red Hat Enterprise Linux versions 6.0 and 7.0 are not vulnerable to CVE-2014-8333.
What impact does CVE-2014-8333 have on my OpenStack installation?
CVE-2014-8333 can lead to a denial of service by allowing remote authenticated users to delete instances in the resize state, leading to disk consumption.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-g63p-mfcm-54c4
- alias/CVE-2014-8333
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/pip
- vendor/redhat
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/5.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/openstack
- canonical/openstack nova-lxd
- version/openstack nova-lxd/2014.1