CVE-2013-4463

Openstack Folsom < 12.0.0a0 - Resource Management Error

Title source: rule

Description

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0112.html

[Issue Tracking] https://bugs.launchpad.net/nova/+bug/1206081

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2247-1

[Mailing List] http://www.openwall.com/lists/oss-security/2013/10/31/3

Scores

EPSS 0.0006

EPSS Percentile 18.8%

Classification

CWE

CWE-399

Status draft

Affected Products (4)

openstack/folsom

openstack/grizzly

openstack/havana

pypi/nova < 12.0.0a0PyPI

Timeline

Published Feb 06, 2014

Tracked Since Feb 18, 2026