Red Hat Customer Portal

CVE-2013-4463

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

Details Source

Mitre

Statement

The Red Hat Security Response Team has rated this issue as having moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Public Date

2013-10-31 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4463 OpenStack Nova: Compressed disk image DoS

Bugzilla ID

1023239

CVSS Status

verified

Base Score

4.00

Base Metrics

AV:N/AC:L/Au:S/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank Thierry Carrez of the OpenStack project for reporting this issue. Upstream acknowledges Bernhard M. Wiedemann of SuSE as the original reporter.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux OpenStack Platform 3.0 (openstack-nova) | RHSA-2014:0112 | 2014-01-30

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux OpenStack Platform 4.0 | openstack-nova | Affected