OSSA-2013-020: Denial of Service in Nova network source security groups

OSSA-2013-020: Denial of Service in Nova network source security groups

Date

August 06, 2013

CVE

CVE-2013-4185

Affects

  • Nova: All versions

Description

Vishvananda Ishaya from Nebula reported a denial of service vulnerability in Nova’s handling of network source security group policy updates. By performing a large number of server creation operations, the proportion of updates increases quadratically and may overwhelm nova-network such that it is no longer able to service other requests in a timely fashion. Only setups relying on nova-network are affected.

Credits

  • Vishvananda Ishaya from Nebula (CVE-2013-4185)

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.