CVE-2013-2096

OpenStack Compute (Nova) Folsom, Grizzly, and Havana - Denial of Service via QCOW2 Image Virtual Size

Title source: llm

Description

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

References (6)

Core 6

Core References

Various Sources x_refsource_confirm

https://review.openstack.org/#/c/28717/

Various Sources x_refsource_confirm

https://review.openstack.org/#/c/28901/

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1831-1

Vendor Advisory mailing-list x_refsource_mlist

http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html

Various Sources x_refsource_confirm

https://review.openstack.org/#/c/29192/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/59924

Scores

EPSS 0.0006

EPSS Percentile 19.2%

Details

CWE

CWE-399

Status published

Products (4)

openstack/folsom

openstack/grizzly

openstack/havana

pypi/nova 0 - 12.0.0a0PyPI

Published Jul 09, 2013

Tracked Since Feb 18, 2026