{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-19T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/nova/+bug/1206081"}, {"name": "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"}, {"name": "USN-2247-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2247-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.301Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/nova/+bug/1206081"}, {"name": "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"}, {"name": "USN-2247-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2247-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4469", "datePublished": "2013-11-02T18:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.301Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "matchCriteriaId": "77522028-683C-4708-AF46-50B49A0A2D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096."}, {"lang": "es", "value": "OpenStack Compute (Nova) Folsom, Grizzly, y Habana, cuando use_cow_images se establece como False, no verifica el tama\u00f1o virtual de una imagen qcow2, que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de disco del sistema de archivos host) mediante la transferencia de una imagen con un tama\u00f1o virtual grande que no contiene una gran cantidad de datos desde Glance. NOTA: este problema se debe a una correcci\u00f3n incompleta de CVE-2013-2096."}], "id": "CVE-2013-4469", "lastModified": "2024-11-21T01:55:37.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-02T18:55:03.237", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2247-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/nova/+bug/1206081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2247-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/nova/+bug/1206081"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Nova: Incomplete fix for CVE-2013-2096", "id": "1023581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023581"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "draft"}, "details": ["OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096."], "name": "CVE-2013-4469", "package_state": [{"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Will not fix", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2013-10-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4469\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4469"], "statement": "The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue only affects systems that implemented the fix for  CVE-2013-2096 (Bz963462) which fails to completely address the problem. For  additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}