OSSA-2013-020: Denial of Service in Nova network source security groups

OSSA-2013-020: Denial of Service in Nova network source security groups¶

Date:: August 06, 2013
CVE:: CVE-2013-4185

Affects¶

Nova: All versions

Description¶

Vishvananda Ishaya from Nebula reported a denial of service vulnerability in Nova’s handling of network source security group policy updates. By performing a large number of server creation operations, the proportion of updates increases quadratically and may overwhelm nova-network such that it is no longer able to service other requests in a timely fashion. Only setups relying on nova-network are affected.

Patches¶

https://review.openstack.org/#/c/39544 (Folsom)
https://review.openstack.org/#/c/39543 (Grizzly)
https://review.openstack.org/#/c/39541 (Havana)

Credits¶

Vishvananda Ishaya from Nebula (CVE-2013-4185)

References¶

this page last updated: 2024-10-03 16:29:15

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.