CVE-2013-4463
OpenStack Nova denial of service through compressed disk images
EPSS 0.15%
Description
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
How to fix CVE-2013-4463
To remediate CVE-2013-4463, upgrade the affected package to a fixed version below.
- Debian/nova—upgrade to 2013.2-3 or later
- PyPI/nova—upgrade to 12.0.0a0 or later
Is CVE-2013-4463 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2013.2-3
- from 0, < 12.0.0a0