- Description
- Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:N/A:P
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:compute:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4DC4CBD-9F0A-4533-A7D2-60ABA3C9A95A",
"versionEndExcluding": "2013.1.3",
"versionStartIncluding": "2013.1"
},
{
"criteria": "cpe:2.3:a:openstack:compute:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDC0FC35-7DCC-4D92-BD2B-854CBAAE2875",
"versionEndExcluding": "2013.2.3",
"versionStartIncluding": "2013.2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F"
}
],
"operator": "OR"
}
]
}
]