CVE-2013-2096

Openstack Folsom < 12.0.0a0 - Resource Management Error

Title source: rule

Description

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

References (6)

[Vendor Advisory] http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1831-1

[Various Sources] https://review.openstack.org/#/c/28717/

[Various Sources] https://review.openstack.org/#/c/28901/

[Various Sources] https://review.openstack.org/#/c/29192/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/59924

Scores

EPSS 0.0006

EPSS Percentile 19.0%

Classification

CWE

CWE-399

Status draft

Affected Products (4)

openstack/folsom

openstack/grizzly

openstack/havana

pypi/nova < 12.0.0a0PyPI

Timeline

Published Jul 09, 2013

Tracked Since Feb 18, 2026