CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
5.1%
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images
is set to False, does not verify the virtual size of a QCOW2 image, which
allows local users to cause a denial of service (host file system disk
consumption) by transferring an image with a large virtual size that does
not contain a large amount of data from Glance. NOTE: this issue is due to
an incomplete fix for CVE-2013-2096.
Author | Note |
---|---|
jdstrand | patch for CVE-2013-4463 should fix this saucy needs a no change rebuild for saucy-security |