CVE-2013-2096

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

🔗 References (12)

• secalert@redhathttp://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
• secalert@redhathttp://www.securityfocus.com/bid/59924
• secalert@redhathttp://www.ubuntu.com/usn/USN-1831-1
• secalert@redhathttps://review.openstack.org/#/c/28717/
• secalert@redhathttps://review.openstack.org/#/c/28901/
• secalert@redhathttps://review.openstack.org/#/c/29192/
• af854a3a-2127-422b-91ae-364da2661108http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/59924
• af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1831-1
• af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/28717/
• af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/28901/
• af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/29192/