{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-06T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0231", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"}, {"name": "[openstack-announce] 20131218 [OSSA 2013-037] Nova compute DoS through ephemeral disk backing files (CVE-2013-6437)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/nova/+bug/1253980"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.271Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:0231", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"}, {"name": "[openstack-announce] 20131218 [OSSA 2013-037] Nova compute DoS through ephemeral disk backing files (CVE-2013-6437)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/nova/+bug/1253980"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6437", "datePublished": "2014-03-06T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.271Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFD62B8C-D52F-4A31-ABDF-9390182BA803", "versionEndExcluding": "2013.1.5", "versionStartIncluding": "2013.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B2A2CFC-2233-4868-8508-6C513B201DA5", "versionEndExcluding": "2013.2.2", "versionStartIncluding": "2013.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:2014.1:milestone1:*:*:*:*:*:*", "matchCriteriaId": "FB6BAFED-3BC9-4B5E-890C-8AA14666E28D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file."}, {"lang": "es", "value": "El controlador libvirt en OpenStack Compute (Nova) anterior a 2013.2.2 y icehouse anterior a icehouse-2 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante creaci\u00f3n y eliminaci\u00f3n de instancias con configuraciones os_type \u00fanicas, lo que provoca la creaci\u00f3n de un archivo de respaldo de disco ef\u00edmero nuevo."}], "id": "CVE-2013-6437", "lastModified": "2018-11-16T14:55:33.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-06T15:55:28.767", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/nova/+bug/1253980"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Phil Day (HP) as the original reporter.", "affected_release": [{"advisory": "RHSA-2014:0231", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "openstack-nova-0:2013.2.2-2.el6ost", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-03-04T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: DoS through ephemeral disk backing files", "id": "1043106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043106"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "details": ["The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file."], "name": "CVE-2013-6437", "package_state": [{"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Will not fix", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 3"}], "public_date": "2013-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6437\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6437"], "statement": "Red Hat Product Security has rated this issue as having moderate security impact in Red Hat OpenStack Platform 3.0. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}