LOW

GHSA-hq3f-9gf7-73r8

Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules

Details

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nova

Introduced in: 0 Fixed in: 12.0.0a0

Fix pip install --upgrade 'nova>=12.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2012-2101 [ADVISORY]
https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7 [WEB]
https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb [WEB]
https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64 [WEB]
https://bugs.launchpad.net/nova/+bug/969545 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/75243 [WEB]
https://github.com/openstack/nova [PACKAGE]
https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml [WEB]
https://lists.launchpad.net/openstack/msg10268.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html [WEB]
http://ubuntu.com/usn/usn-1438-1 [WEB]