CVE-2012-3371

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

Published: Jul 17, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3371
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
openstack / compute	2012.2	2012.2.x
openstack / essex	2012.1	2012.1.x
openstack / folsom	2012.2	2012.2.x

http://www.openwall.com/lists/oss-security/2012/07/11/13
http://www.securityfocus.com/bid/54388
http://www.ubuntu.com/usn/USN-1501-1
https://bugs.launchpad.net/nova/+bug/1017795
https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
https://lists.launchpad.net/openstack/msg14452.html

Vulnerability Database

289,697

CVE-2012-3371