CVE-2013-4469
published 2013-11-02CVE-2013-4469: OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows…
low1.9CVSS 3.1
AVLACMAuNCNINAP
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2013.2-3 (bookworm) | nova 2013.2-3 (bookworm) |
| openstack | nova | >= 0 < 2013.2-3 | 2013.2-3 |
| openstack | nova | >= 0 < 2013.2-3 | 2013.2-3 |
| openstack | nova | >= 0 < 2013.2-3 | 2013.2-3 |
| openstack | nova | >= 0 < 2013.2-3 | 2013.2-3 |
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
| openstack | nova | >= 0 < 1:2014.1-0ubuntu1.2 | 1:2014.1-0ubuntu1.2 |
CVSS provenance
nvd1.9LOWAV:L/AC:M/Au:N/C:N/I:N/A:P
ghsa2.1LOW
osv5.0MEDIUM