Home > Vulnerability Database > CVE-2013-1838

Mend.io Vulnerability Database

CVE-2013-1838

Date: March 22, 2013

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Language: Python

Severity Score

4.3

Related Resources (24)

Url: https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6

Url: https://lists.launchpad.net/openstack/msg21892.html

Url: http://ubuntu.com/usn/usn-1771-1

Url: https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149

Url: http://secunia.com/advisories/52580

Url: http://www.securityfocus.com/bid/58492

Url: https://bugzilla.redhat.com/show_bug.cgi?id=919648

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-1838

Url: https://bugs.launchpad.net/nova/+bug/1125468

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

Url: https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml

Url: https://review.openstack.org/#/c/24453

Url: https://github.com/openstack/nova

Url: http://osvdb.org/91303

Url: https://review.openstack.org/#/c/24453/

Url: https://review.openstack.org/#/c/24451

Url: https://review.openstack.org/#/c/24452/

Url: https://review.openstack.org/#/c/24452

Url: http://secunia.com/advisories/52728

Url: https://review.openstack.org/#/c/24451/

Url: http://www.openwall.com/lists/oss-security/2013/03/14/18

Url: https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426

Url: http://rhn.redhat.com/errata/RHSA-2013-0709.html

Url: https://www.mend.io/vulnerability-database/CVE-2013-1838

Severity Score

4.3

Weakness Type (CWE)

Resource Management Errors

CWE-399

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-1838

Date: March 22, 2013

Language: Python

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?