CVE-2013-1838: OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated…

medium4CVSS 3.1

AVNACLAuSCNINAP

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	nova	< nova 2012.1.1-15 (bookworm)	nova 2012.1.1-15 (bookworm)
openstack	essex	—	—
openstack	folsom	—	—
openstack	grizzly	—	—
openstack	nova	>= 0 < 2012.1.1-15	2012.1.1-15
openstack	nova	>= 0 < 2012.1.1-15	2012.1.1-15
openstack	nova	>= 0 < 2012.1.1-15	2012.1.1-15
openstack	nova	>= 0 < 2012.1.1-15	2012.1.1-15
openstack	nova	>= 0 < 12.0.0a0	12.0.0a0

CVSS provenance

nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P

osv4.0MEDIUM