4

CVE-2013-1838

EPSS 1.43%
Published 22.03.2013 21:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Essex Version2012.1

Openstack ≫ Folsom Version2012.2

Openstack ≫ Grizzly Version2012.2

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.43%	0.788

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

http://rhn.redhat.com/errata/RHSA-2013-0709.html

http://secunia.com/advisories/52728

Vendor Advisory

http://osvdb.org/91303

http://secunia.com/advisories/52580

Vendor Advisory

http://ubuntu.com/usn/usn-1771-1

http://www.openwall.com/lists/oss-security/2013/03/14/18

http://www.securityfocus.com/bid/58492

https://bugs.launchpad.net/nova/+bug/1125468

https://bugzilla.redhat.com/show_bug.cgi?id=919648

https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

https://lists.launchpad.net/openstack/msg21892.html

https://review.openstack.org/#/c/24451/

https://review.openstack.org/#/c/24452/

https://review.openstack.org/#/c/24453/

https://nvd.nist.gov/vuln/detail/CVE-2013-1838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1838

EUVD