CVE-2014-8333: OpenStack Nova VMware instance leak potentially leading to compute DoS

May 14, 2022 (updated May 14, 2024)

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

References

bugs.launchpad.net/nova/+bug/1359138
github.com/advisories/GHSA-g63p-mfcm-54c4
github.com/openstack/nova
github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
nvd.nist.gov/vuln/detail/CVE-2014-8333

Detect and mitigate CVE-2014-8333 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →