CVE-2013-1838

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom; Grizzly
Vendor: CVE Published:; 22 March 2013

Summary

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

References

https://lists.launchpad.net/openstack/msg21892.html

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/58492

vdb-entryx_refsource_BID

https://bugs.launchpad.net/nova/+bug/1125468

x_refsource_CONFIRM

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 22, 2013
Vulnerability Reserved
Feb 19, 2013