DoS Vulnerability in OpenStack Compute (Nova) by Unverified QCOW2 Image Sizes
CVE-2013-4463

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
6 February 2014

Summary

A vulnerability exists in the OpenStack Compute (Nova) service due to improper verification of the virtual size of QCOW2 images. This flaw allows local users to exploit the system by creating compressed QCOW2 images that can lead to significant disk consumption on the host file system, resulting in a denial of service condition. This issue stems from an incomplete fix for a previous vulnerability, highlighting potential weaknesses in the image handling processes within the affected versions.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.