Launchpad CVE tracker

CVE 2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

Related bugs and status

CVE-2013-4261 (Candidate) is related to these bugs:

Bug #1215091: [OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)

		In	Importance	Status
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	OpenStack Compute (nova)	High	Invalid
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	OpenStack Security Advisory	High	Fix Released
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	OpenStack Compute (nova) grizzly	High	Fix Released
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	oslo-incubator	Undecided	Invalid
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	oslo-incubator folsom	Undecided	Fix Committed
1215091	[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)	oslo-incubator grizzly	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4261

References