First published: Tue Jul 09 2013(Updated: )
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenStack Folsom | ||
OpenStack Grizzly | ||
OpenStack Havana |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-2096 is classified as a denial of service vulnerability that can impact host file system stability.
To mitigate CVE-2013-2096, update to a later version of OpenStack that includes the fix for this vulnerability.
CVE-2013-2096 affects OpenStack Compute (Nova) Folsom, Grizzly, and Havana.
CVE-2013-2096 allows local users to create a denial of service condition by filling the host file system with unverified virtual size QCOW2 images.
CVE-2013-2096 requires local user access to exploit the denial of service vulnerability.