CVE-2013-1838: Allocation of Resources Without Limits or Throttling in Nova

Severity: 4.0 MEDIUM (NVD)
EPSS: 1.4% (top 19.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 22; latest update May 17

Description

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages (5 packages)

PyPI: openstack/nova < 12.0.0a0
Debian: openstack/nova < 2012.1.1-15+3
NVD: openstack/essex 2012.1
NVD: openstack/folsom 2012.2
NVD: openstack/grizzly 2012.2

Also affects: Ubuntu Linux 11.10, 12.04, 12.10

🔴 Vulnerability Details (4)

OSV (2022-05-17): OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
GHSA (2022-05-17): OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
OSV (2013-03-22): CVE-2013-1838: OpenStack Compute (Nova) Grizzly, Folsom (2012
CVEList (2013-03-22): CVE-2013-1838: OpenStack Compute (Nova) Grizzly, Folsom (2012

📋 Vendor Advisories (3)

Ubuntu (2013-03-20): OpenStack Nova vulnerabilities
Red Hat (2013-03-14): Nova: DoS by allocating all Fixed IPs
Debian (2013): CVE-2013-1838: nova - OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not p...

💬 Community (1)

Bugzilla (2013-03-09): CVE-2013-1838 Openstack Nova: DoS by allocating all Fixed IPs