CVE-2015-8234

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
openstackglance
11.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
xenial
not-affected
wily
ignored
vivid
not-affected
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2015/q4/303
https://bugs.launchpad.net/glance/+bug/1516031
https://wiki.openstack.org/wiki/OSSN/OSSN-0061
http://seclists.org/oss-sec/2015/q4/303
https://bugs.launchpad.net/glance/+bug/1516031
https://wiki.openstack.org/wiki/OSSN/OSSN-0061