CVE-2013-4469
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
OpenStack Compute (Nova) Folsom, Grizzly, y Habana, cuando use_cow_images se establece como False, no verifica el tamaño virtual de una imagen qcow2, que permite a usuarios locales provocar una denegación de servicio (consumo de disco del sistema de archivos host) mediante la transferencia de una imagen con un tamaño virtual grande que no contiene una gran cantidad de datos desde Glance. NOTA: este problema se debe a una corrección incompleta de CVE-2013-2096.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/nova/+bug/1206081 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/10/31/3 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2247-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Folsom Search vendor "Openstack" for product "Folsom" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Grizzly Search vendor "Openstack" for product "Grizzly" | - | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Havana Search vendor "Openstack" for product "Havana" | - | - |
Affected
| ||||||