Skip to content

OpenStack Nova DoS through ephemeral disk backing files

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated May 14, 2024

Package

pip nova (pip)

Affected versions

< 12.0.0a0

Patched versions

12.0.0a0

Description

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

References

Published by the National Vulnerability Database Mar 6, 2014
Published to the GitHub Advisory Database May 14, 2022
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(62nd percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-6437

GHSA ID

GHSA-hrv9-4x4c-9jc8

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.