MEDIUM

GHSA-7332-36h8-8jh8

OpenStack Identity (Keystone) Denial of Service

Details

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / keystone

Introduced in: 0 Fixed in: 8.0.0a0

Fix pip install --upgrade 'keystone>=8.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2013-2014 [ADVISORY]
https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8 [WEB]
https://bugs.launchpad.net/keystone/+bug/1098177 [WEB]
https://bugs.launchpad.net/keystone/+bug/1099025 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/84347 [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html [WEB]
http://secunia.com/advisories/53397 [WEB]
http://www.securityfocus.com/bid/59936 [WEB]