Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2013-2096

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana; Grizzly; Folsom
Vendor: CVE Published:; 9 July 2013

Summary

OpenStack Compute (Nova) in versions Folsom, Grizzly, and Havana fails to properly validate the virtual size of QCOW2 images. This oversight allows local users to create images with large reported sizes that do not correlate to actual data size, leading to excessive disk consumption on the host file system. As a result, this can result in denial of service conditions, as the host may exhaust its available disk space.

References

https://review.openstack.org/#/c/28717/

x_refsource_CONFIRM

https://review.openstack.org/#/c/28901/

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1831-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Jul 9, 2013
Vulnerability Reserved
Feb 19, 2013