← Back

CVE-2014-3608

nvd nist
Published: Oct 6, 2014Modified: May 6, 2026

JSON object

Loading...
2.7
Vector
AV:A/AC:L/Au:S/C:N/I:N/A:P
Exploitability: 5.1 / Impact: 2.9
Source: NVD

Description

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

Affected (2)

Products: Openstack: Nova
Openstack
1 product
Nova
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Nova
From 2013.2 to 2013.2.4
Nova
From 2014.1 to 2014.1.3

Related CWEs

CWE-399
CWE-399

References (10)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.