CVE-2015-8234

EUVD-2017-0145
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
openstackglance
11.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
precise
not-affected
trusty
dne
vivid
not-affected
wily
ignored
xenial
not-affected
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2015/q4/303
https://bugs.launchpad.net/glance/+bug/1516031
https://wiki.openstack.org/wiki/OSSN/OSSN-0061
http://seclists.org/oss-sec/2015/q4/303
https://bugs.launchpad.net/glance/+bug/1516031
https://wiki.openstack.org/wiki/OSSN/OSSN-0061