Vulnerability Details : CVE-2013-2096
OpenStack Compute (Nova) Folsom, Grizzly, and Havana do not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
Vulnerability category: Denial of service
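The missing check, sketched as an added example (not Nova's code and not taken from the referenced changes): read the virtual size that a QCOW2 header declares and reject the image when it exceeds the root disk size allowed for the instance. The function names, the 20 GiB limit and the sample header are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
GiB = 1024 ** 3


class ImageTooLarge(Exception):
    """Declared virtual size exceeds the permitted root disk size."""


def qcow2_virtual_size(header: bytes) -> int:
    """Return the virtual disk size (bytes) declared in a QCOW2 header."""
    if len(header) < 32:
        raise ValueError("truncated QCOW2 header")
    magic, version = struct.unpack_from(">4sI", header, 0)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    if version not in (2, 3):
        raise ValueError(f"unsupported QCOW2 version {version}")
    # The 'size' field is a big-endian u64 at byte offset 24.
    (size,) = struct.unpack_from(">Q", header, 24)
    return size


def check_root_disk(header: bytes, allowed_bytes: int) -> int:
    """Hypothetical guard: validate virtual size before creating the root disk."""
    virtual = qcow2_virtual_size(header)
    if virtual > allowed_bytes:
        raise ImageTooLarge(
            f"virtual size {virtual} exceeds allowed {allowed_bytes} bytes")
    return virtual


def make_header(virtual_size: int, version: int = 2) -> bytes:
    """Constructed sample: the first 32 bytes of a QCOW2 header."""
    # magic, version, backing_file_offset, backing_file_size, cluster_bits, size
    return struct.pack(">4sIQIIQ", QCOW2_MAGIC, version, 0, 0, 16, virtual_size)


if __name__ == "__main__":
    allowed = 20 * GiB                # constructed root disk limit
    sparse = make_header(1024 * GiB)  # tiny file on disk, 1 TiB declared
    on_disk = len(sparse)             # a file-size check alone would pass
    print("bytes on disk:", on_disk, "declared:", qcow2_virtual_size(sparse))
    try:
        check_root_disk(sparse, allowed)
    except ImageTooLarge as exc:
        print("rejected:", exc)
```

On a real host, `qemu-img info` reports the same header field as the image's virtual size.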
Exploit prediction scoring system (EPSS) score for CVE-2013-2096
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-2096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST |
CWE ids for CVE-2013-2096
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2096
- http://www.securityfocus.com/bid/59924
  OpenStack Compute (Nova) CVE-2013-2096 Denial of Service Vulnerability
- https://review.openstack.org/#/c/28901/
  Change I83346728: Check QCOW2 image size during root disk creation | review.opendev Code Review
- http://www.ubuntu.com/usn/USN-1831-1
  USN-1831-1: OpenStack Nova vulnerability | Ubuntu security notices
- https://review.openstack.org/#/c/29192/
  Change I83346728: Check QCOW2 image size during root disk creation | review.opendev Code Review
- http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
  OpenStack Open Source Cloud Computing Software » Message: [openstack-announce] [OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096) (Vendor Advisory)
- https://review.openstack.org/#/c/28717/
  Change I83346728: Check QCOW2 image size during root disk creation | review.opendev Code Review
Products affected by CVE-2013-2096
- cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*