Medium severity5.5NVD Advisory· Published Mar 29, 2017· Updated May 13, 2026

CVE-2015-8234

Description

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
glancePyPI	<= 11.0.0	—

Affected products

OpenStack/Glance
cpe:2.3:a:openstack:glance:11.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.launchpad.net/glance/+bug/1516031nvdIssue TrackingPatchThird Party AdvisoryWEB
seclists.org/oss-sec/2015/q4/303nvdMailing ListThird Party AdvisoryWEB
github.com/advisories/GHSA-wmhw-fvg9-87fcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-8234ghsaADVISORY
wiki.openstack.org/wiki/OSSN/OSSN-0061nvdThird Party AdvisoryWEB
github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2017-143.yamlghsaWEB
seclists.org/oss-sec/2015/q4/303ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000