CVE-2013-4185

Published: Oct 29, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

Affected (3)

Products: Openstack: Compute · Redhat: Openstack

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Compute	From 2013.1 to 2013.1.3
Openstack Compute	From 2013.2 to 2013.2.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 3.0

Related CWEs

References (6)

http://rhn.redhat.com/errata/RHSA-2013-1199.html

Source: secalert@redhat.com

Vendor Advisory

http://seclists.org/oss-sec/2013/q3/282

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1184041

Source: secalert@redhat.com

ExploitThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1199.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://seclists.org/oss-sec/2013/q3/282

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1184041

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.