Denial Of Service (DoS)

2019-01-1508:55:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

CPENameOperatorVersion
openstack-novaeq2012.2.3__7.el6ost
openstack-novaeq2012.2.3__4.el6ost
openstack-novaeq2012.2.2__8.el6ost
openstack-novaeq2013.1.1__2.el6ost
openstack-novaeq2013.1.4__1.el6ost
openstack-novaeq2012.2__2.1.el6
openstack-novaeq2013.1.1__4.el6ost
openstack-novaeq2012.2.3__9.el6ost
openstack-novaeq2013.1.2__2.el6ost
openstack-novaeq2012.1.3__1.el6

Name	Operator	Version
openstack-nova	eq	2012.2.3__7.el6ost
openstack-nova	eq	2012.2.3__4.el6ost
openstack-nova	eq	2012.2.2__8.el6ost
openstack-nova	eq	2013.1.1__2.el6ost
openstack-nova	eq	2013.1.4__1.el6ost
openstack-nova	eq	2012.2__2.1.el6
openstack-nova	eq	2013.1.1__4.el6ost
openstack-nova	eq	2012.2.3__9.el6ost
openstack-nova	eq	2013.1.2__2.el6ost
openstack-nova	eq	2012.1.3__1.el6