Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2013-2096

Published: 09/07/2013 Updated: 08/01/2014
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openstack

Vulnerability Summary

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openstack grizzly -

openstack havana -

openstack folsom -

Vendor Advisories

Ubuntu Security Notice: nova vulnerability
Nova could be made to crash the system if instances used a specially crafted image ...
Debian CVElist Bug Report Logs: nova: CVE-2013-4463 and CVE-2013-4469
Debian Bug report logs - #728605 nova: CVE-2013-4463 and CVE-2013-4469 Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Nov 2013 14:30:01 UTC Severity: important Tags: patch, security, upstream Fixed in ver ...
Debian CVElist Bug Report Logs: CVE-2013-2096
Debian Bug report logs - #710157 CVE-2013-2096 Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 28 May 2013 16:30:05 UTC Severity: grave Tags: security Fixed in version nova/201312-2 Done: Thomas Goirand <zig ...
Red Hat: CVE-2013-2096
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data ...

References

CWE-399https://review.openstack.org/#/c/29192/https://review.openstack.org/#/c/28901/https://review.openstack.org/#/c/28717/http://www.ubuntu.com/usn/USN-1831-1http://www.securityfocus.com/bid/59924http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.htmlhttps://usn.ubuntu.com/1831-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-2096
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook