Vulnerability Description
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
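An added example (not Nova's code and not the upstream fix): a pre-flight check that reads the declared virtual size from a QCOW2 header and rejects the image when that size exceeds a limit, however small the file is on disk. The function names, the `max_virtual_bytes` limit and the sample header builder are assumptions made for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian header prefix: magic(4) version(4) backing_file_offset(8)
# backing_file_size(4) cluster_bits(4) size(8). "size" is the virtual disk size.
_HEADER = struct.Struct(">4sIQIIQ")


class ImageRejected(Exception):
    """Raised when an image must not be handed to the hypervisor."""


def qcow2_virtual_size(header: bytes) -> int:
    """Return the virtual size in bytes declared in a QCOW2 header."""
    if len(header) < _HEADER.size:
        raise ImageRejected("truncated QCOW2 header")
    magic, version, _, _, _, size = _HEADER.unpack_from(header)
    if magic != QCOW2_MAGIC:
        raise ImageRejected("not a QCOW2 image")
    if version not in (2, 3):
        raise ImageRejected(f"unsupported QCOW2 version {version}")
    return size


def check_image(header: bytes, file_bytes: int, max_virtual_bytes: int) -> int:
    """Enforce the limit on the declared virtual size, not the file size.

    file_bytes is what a naive check would look at; it only appears in the
    error message to show how far apart the two numbers can be.
    """
    virtual = qcow2_virtual_size(header)
    if virtual > max_virtual_bytes:
        raise ImageRejected(
            f"virtual size {virtual} exceeds limit {max_virtual_bytes} "
            f"(file is only {file_bytes} bytes on disk)"
        )
    return virtual


def make_header(virtual_size: int) -> bytes:
    """Constructed sample: a minimal version-2 header with 64 KiB clusters."""
    return _HEADER.pack(QCOW2_MAGIC, 2, 0, 0, 16, virtual_size)
```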
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenStack | Folsom | - |
| OpenStack | Grizzly | - |
| OpenStack | Havana | - |
Related Weaknesses (CWE)
References
- http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html (Vendor Advisory)
- http://www.securityfocus.com/bid/59924
- http://www.ubuntu.com/usn/USN-1831-1
- https://review.openstack.org/#/c/28717/
- https://review.openstack.org/#/c/28901/
- https://review.openstack.org/#/c/29192/
FAQ
What is CVE-2013-2096?
CVE-2013-2096 is a vulnerability with a CVSS score of 2.1 (LOW). OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by cre...
How severe is CVE-2013-2096?
CVE-2013-2096 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2096?
Check the references section above for vendor advisories and patch information. Affected products include: OpenStack Folsom, OpenStack Grizzly, OpenStack Havana.