CVE-2013-0270

CWE-1284CWE-119Buffer Overflow8 documents7 sources
Severity
6.5MEDIUM
EPSS
2.7%
top 14.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Keystone
Timeline
PublishedApr 12
Latest updateMay 5

Description

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDopenstack/keystone2012.12012.1.3+2
PyPIkeystone< 8.0.0a0
Debiankeystone< 2013.1.1-2+3

Patches

Patch: launchpad.netPatch: launchpad.net

🔴Vulnerability Details

4
GHSA
OpenStack Keystone Denial of Service vulnerability via a large HTTP request2022-05-05
OSV
OpenStack Keystone Denial of Service vulnerability via a large HTTP request2022-05-05
OSV
CVE-2013-0270: A flaw was found in OpenStack Keystone2013-04-12
CVEList
Keystone: openstack keystone: denial of service via large http request with long tenant name2013-04-12

📋Vendor Advisories

2
Red Hat
CVE-2013-0270: A flaw was found in OpenStack Keystone2013-04-12
Debian
CVE-2013-0270: keystone - A flaw was found in OpenStack Keystone. A remote attacker could exploit this vul...2013

💬Community

1
Bugzilla
CVE-2013-0270 OpenStack Keystone: Large HTTP request DoS2013-02-08
CVE-2013-0270 (MEDIUM CVSS 6.5) | A flaw was found in OpenStack Keyst | cvebase.io