CVE-2013-4261
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
29/10/2013
Last modified:
11/04/2025
Description
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:* | - (including) | |
| cpe:2.3:a:openstack:grizzly:*:*:*:*:*:*:*:* | - (including) | |
| cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://rhn.redhat.com/errata/RHSA-2013-1199.html
- http://seclists.org/oss-sec/2013/q3/595
- https://bugs.launchpad.net/nova/+bug/1215091
- https://bugzilla.redhat.com/show_bug.cgi?id=999164
- https://bugzilla.redhat.com/show_bug.cgi?id=999271
- http://rhn.redhat.com/errata/RHSA-2013-1199.html
- http://seclists.org/oss-sec/2013/q3/595
- https://bugs.launchpad.net/nova/+bug/1215091
- https://bugzilla.redhat.com/show_bug.cgi?id=999164
- https://bugzilla.redhat.com/show_bug.cgi?id=999271