CVE-2013-1838

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Published: Mar 22, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1838
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
openstack / essex	2012.1	2012.1.x
openstack / folsom	2012.2	2012.2.x
openstack / grizzly	2012.2	2012.2.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x

http://osvdb.org/91303
http://rhn.redhat.com/errata/RHSA-2013-0709.html
http://secunia.com/advisories/52580
http://secunia.com/advisories/52728
http://ubuntu.com/usn/usn-1771-1
http://www.openwall.com/lists/oss-security/2013/03/14/18
http://www.securityfocus.com/bid/58492
https://bugs.launchpad.net/nova/+bug/1125468
https://bugzilla.redhat.com/show_bug.cgi?id=919648
https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
https://lists.launchpad.net/openstack/msg21892.html
https://review.openstack.org/#/c/24451/
https://review.openstack.org/#/c/24452/
https://review.openstack.org/#/c/24453/

Vulnerability Database

289,689

CVE-2013-1838