CVE-2013-6437

CWE-39910 documents7 sources
Severity
4.0MEDIUM
EPSS
0.4%
top 37.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedMar 6
Latest updateMay 14

Description

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

NVDopenstack/nova2013.12013.1.5+2
PyPInova< 12.0.0a0
Debiannova< 2013.2.2+3

Patches

Patch: lists.openstack.orgPatch: lists.openstack.org

🔴Vulnerability Details

4
GHSA
OpenStack Nova DoS through ephemeral disk backing files2022-05-14
OSV
OpenStack Nova DoS through ephemeral disk backing files2022-05-14
OSV
CVE-2013-6437: The libvirt driver in OpenStack Compute (Nova) before 20132014-03-06
CVEList
CVE-2013-6437: The libvirt driver in OpenStack Compute (Nova) before 20132014-03-06

📋Vendor Advisories

2
Red Hat
openstack-nova: DoS through ephemeral disk backing files2013-12-18
Debian
CVE-2013-6437: nova - The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse befo...2013

💬Community

3
Bugzilla
CVE-2013-6437 openstack-nova: DoS through ephemeral disk backing files [epel-6]2014-07-15
Bugzilla
CVE-2013-6437 openstack-nova: DoS through ephemeral disk backing files [fedora-all]2014-07-15
Bugzilla
CVE-2013-6437 openstack-nova: DoS through ephemeral disk backing files2013-12-13
CVE-2013-6437 (MEDIUM CVSS 4) | The libvirt driver in OpenStack Com | cvebase.io