CVE-2013-4185

Openstack Compute < 2013.1.3 - Cryptographic Issue

Title source: rule

Description

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1199.html

[Patch, Third Party Advisory] http://seclists.org/oss-sec/2013/q3/282

[Exploit, Third Party Advisory] https://bugs.launchpad.net/nova/+bug/1184041

Scores

EPSS 0.0058

EPSS Percentile 68.6%

Classification

CWE

CWE-310

Status draft

Affected Products (3)

openstack/compute < 2013.1.3

redhat/openstack

pypi/nova < 12.0.0a0PyPI

Timeline

Published Oct 29, 2013

Tracked Since Feb 18, 2026