Lucene search

K

GitHub Advisory DatabaseGHSA-HRV9-4X4C-9JC8

HistoryMay 14, 2022 - 1:58 a.m.

OpenStack Nova DoS through ephemeral disk backing files

2022-05-1401:58:45

GitHub Advisory Database

github.com

1

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

Affected configurations

Vulners

Node

github_advisory_databasenovaRange<12.0.0a0

CPENameOperatorVersion
novalt12.0.0a0

References

lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html

rhn.redhat.com/errata/RHSA-2014-0231.html

bugs.launchpad.net/nova/+bug/1253980

github.com/advisories/GHSA-hrv9-4x4c-9jc8

github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836

github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4

github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9

nvd.nist.gov/vuln/detail/CVE-2013-6437

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

Related for GHSA-HRV9-4X4C-9JC8

cve1 nvd1 ubuntucve1 debiancve1 prion1 cvelist1 ibm1 redhat1 veracode3