CVE-2013-4185

OpenStack Compute < 2013.1.3 - Authenticated Denial of Service via Network Security Group Policy Updates

Title source: llm
STIX 2.1

Description

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1184041
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1199.html
Patch, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/282

Scores

EPSS 0.0058
EPSS Percentile 69.2%

Details

CWE
CWE-310
Status published
Products (3)
openstack/compute 2013.1 - 2013.1.3
pypi/nova 0 - 12.0.0a0PyPI
redhat/openstack 3.0
Published Oct 29, 2013
Tracked Since Feb 18, 2026