CVE-2012-3371: Improper Input Validation in Nova

Severity: 3.5 LOW (NVD)
EPSS: 0.9% (top 24.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 17
Latest update: May 17

Description

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 6.8 | Impact: 2.9

Affected Packages (5 packages)

PyPI: openstack/nova < 12.0.0a0
Debian: openstack/nova < 2012.1.1-5+3
NVD: openstack/essex 2012.1
NVD: openstack/folsom 2012.2
NVD: openstack/compute 2012.2

Patches

Vulnerability Details (4)

OSV (2022-05-17): OpenStack Nova Scheduler denial of service through scheduler_hints
GHSA (2022-05-17): OpenStack Nova Scheduler denial of service through scheduler_hints
CVEList (2012-07-17): CVE-2012-3371: The Nova scheduler in OpenStack Compute (Nova) Folsom (2012
OSV (2012-07-17): CVE-2012-3371: The Nova scheduler in OpenStack Compute (Nova) Folsom (2012

Vendor Advisories (2)

Ubuntu (2012-07-11): Nova vulnerability
Debian (2012): CVE-2012-3371: nova - The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1...

Community (3)

Bugzilla (2012-07-28): CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_hints [epel-6]
Bugzilla (2012-07-11): CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_hints [fedora-all]
Bugzilla (2012-06-29): CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_hints
CVE-2012-3371 — Improper Input Validation in Nova | cvebase