CVE-2013-4261 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Folsom
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
3.5LOWNVD
EPSS
0.6%
top 30.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 29
Latest updateMay 17
Description
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-6h2f-6j38-qxpp: OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during m↗2022-05-17
OSV▶
CVE-2013-4261: OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during m↗2013-10-29
CVEList▶
CVE-2013-4261: OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during m↗2013-10-29
📋Vendor Advisories
3💬Community
3Bugzilla
▶
Bugzilla▶
CVE-2013-4261 openstack-nova: OpenStack: openstack-nova-compute console-log DoS [fedora-all]↗2013-08-21