DoS Vulnerability in OpenStack Compute (Nova) by Unverified QCOW2 Image Sizes
CVE-2013-4463

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana; Grizzly; Folsom
Vendor: CVE Published:; 6 February 2014

Summary

A vulnerability exists in the OpenStack Compute (Nova) service due to improper verification of the virtual size of QCOW2 images. This flaw allows local users to exploit the system by creating compressed QCOW2 images that can lead to significant disk consumption on the host file system, resulting in a denial of service condition. This issue stems from an incomplete fix for a previous vulnerability, highlighting potential weaknesses in the image handling processes within the affected versions.

References

https://bugs.launchpad.net/nova/+bug/1206081

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/10/31/3

mailing-listx_refsource_MLIST

http://www.ubuntu.com/usn/USN-2247-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Feb 6, 2014
Vulnerability Reserved
Jun 12, 2013