CVE-2013-4185Compute vulnerability

CWE-31011 documents8 sources
Severity
4.0MEDIUMNVD
EPSS
0.6%
top 31.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack NovaOpenstack ComputeRedhat Openstack
Timeline
PublishedOct 29
Latest updateMay 14

Description

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

PyPIopenstack/nova< 12.0.0a0
Debianopenstack/nova< 2013.1.2-3+3
NVDopenstack/compute2013.12013.1.3+1

Patches

Patch: seclists.orgPatch: seclists.org

🔴Vulnerability Details

4
GHSA
OpenStack Nova Denial of Service in network source security groups2022-05-14
OSV
OpenStack Nova Denial of Service in network source security groups2022-05-14
OSV
CVE-2013-4185: Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 20132013-10-29
CVEList
CVE-2013-4185: Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 20132013-10-29

📋Vendor Advisories

3
Ubuntu
Nova vulnerabilities2013-10-23
Red Hat
OpenStack: Nova network source security groups denial of service2013-08-06
Debian
CVE-2013-4185: nova - Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3...2013

💬Community

3
Bugzilla
CVE-2013-4185 openstack-nova: OpenStack: Nova network source security groups denial of service [epel-6]2013-08-08
Bugzilla
CVE-2013-4185 openstack-nova: OpenStack: Nova network source security groups denial of service [fedora-all]2013-08-08
Bugzilla
CVE-2013-4185 OpenStack: Nova network source security groups denial of service2013-08-05
CVE-2013-4185 — Openstack Compute vulnerability | cvebase