Denial of Service Vulnerability in OpenStack Swift by OpenStack
CVE-2013-4155

Currently unrated

Key Information:

Vendor: Openstack
Status: Swift; Havana; Grizzly; Folsom
Vendor: CVE Published:; 20 August 2013

Summary

An issue exists in OpenStack Swift versions prior to 1.9.1 that allows authenticated users to inadvertently cause a denial of service. This occurs when an authenticated user sends a DELETE request with a timestamp older than the expected range, leading to excessive tombstone consumption and subsequent degradation of the Swift cluster's performance. Administrators should ensure they are running an updated version of OpenStack Swift to mitigate potential disruptions.

References

https://bugs.launchpad.net/swift/+bug/1196932

x_refsource_CONFIRM

http://www.debian.org/security/2012/dsa-2737

vendor-advisoryx_refsource_DEBIAN

https://review.openstack.org/#/c/40646/

x_refsource_MISC

Timeline

Vulnerability published
Aug 20, 2013
Vulnerability Reserved
Jun 12, 2013