Denial of Service Vulnerability in OpenStack Compute by Canonical
CVE-2013-1838

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
22 March 2013

Summary

OpenStack Compute (Nova) versions Grizzly, Folsom, and Essex fail to adequately enforce quotas on fixed IPs. This weakness allows remote authenticated users to overwhelm the system by invoking the addFixedIp function excessively. As a result, the resource exhaustion leads to service disruption, preventing the spawning of new instances and impacting overall system availability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.