CVE-2013-4185
published 2013-10-29CVE-2013-4185: Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security…
medium4CVSS 3.1
AVNACLAuSCNINAP
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2013.1.2-3 (bookworm) | nova 2013.1.2-3 (bookworm) |
| openstack | compute | >= 2013.1 < 2013.1.3 | 2013.1.3 |
| openstack | compute | >= 2013.2 < 2013.2.3 | 2013.2.3 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
| redhat | openstack | — | — |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.0MEDIUM