CVE-2013-0270

MEDIUM

Openstack Keystone < 2012.1.3 - Memory Corruption

Title source: rule

Description

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

References (7)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2013-0708.html

[Third Party Advisory] https://bugs.launchpad.net/keystone/+bug/1099025

[Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=909012

[Third Party Advisory] https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

[Third Party Advisory] https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

View Writeup ZIP pw:eip

[Patch, Third Party Advisory] https://launchpad.net/keystone/grizzly/2013.1

[Vdb Entry, X_Refsource_Redhat] https://access.redhat.com/security/cve/CVE-2013-0270

Scores

CVSS v3 6.5

EPSS 0.0268

EPSS Percentile 85.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119 CWE-1284

Status published

Products (7)

openstack/keystone 2013.1 milestone1 (3 CPE variants)

openstack/keystone 2012.1 - 2012.1.3

pypi/keystone 0 - 8.0.0a0PyPI

Red Hat/Red Hat OpenStack Platform 13 (Queens)

Red Hat/Red Hat OpenStack Platform 16.2

Red Hat/Red Hat OpenStack Platform 17.1

Red Hat/Red Hat OpenStack Platform 18.0

Published Apr 12, 2013

Tracked Since Feb 18, 2026