CVE-2013-0270

EPSS 2.68%
Veröffentlicht 12.04.2013 22:55:01
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Keystone: openstack keystone: denial of service via large http request with long tenant name

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 10

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Keystone Version >= 2012.1 <= 2012.1.3

Openstack ≫ Keystone Version >= 2012.2 <= 2012.2.4

Openstack ≫ Keystone Version2013.1 Updatemilestone1

Openstack ≫ Keystone Version2013.1 Updatemilestone2

Openstack ≫ Keystone Version2013.1 Updatemilestone3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.68%	0.858

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

http://rhn.redhat.com/errata/RHSA-2013-0708.html

Third Party Advisory

https://bugs.launchpad.net/keystone/+bug/1099025

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=909012

Third Party Advisory

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

Third Party Advisory

https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

Third Party Advisory

https://launchpad.net/keystone/grizzly/2013.1

Patch