CVE-2013-1838 : OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not p

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Published 2013-03-22 21:55:01

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-1838

Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions
Openstack » Essex » Version: 2012.1
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
Matching versions
Openstack » Folsom » Version: 2012.2
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
Matching versions
Openstack » Grizzly » Version: 2012.2
cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-1838

EPSS FAQ

1.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1838

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2013-1838

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1838

http://secunia.com/advisories/52580

Sign in
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/03/14/18

oss-security - [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
https://bugzilla.redhat.com/show_bug.cgi?id=919648

919648 – (CVE-2013-1838) CVE-2013-1838 Openstack Nova: DoS by allocating all Fixed IPs
https://review.openstack.org/#/c/24453/

Change I2a5afaa4: Add quotas for fixed ips. | review.opendev Code Review
https://lists.launchpad.net/openstack/msg21892.html

[OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) : Mailing list archive : openstack team in Launchpad
https://review.openstack.org/#/c/24452/

Change I970d540c: Add quotas for fixed ips. | review.opendev Code Review
http://rhn.redhat.com/errata/RHSA-2013-0709.html

RHSA-2013:0709 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/52728

Sign in
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/58492

OpenStack Nova CVE-2013-1838 Denial of Service Vulnerability
https://bugs.launchpad.net/nova/+bug/1125468

Bug #1125468 “[OSSA 2013-008] DOS by allocating all fixed ips” : Bugs : OpenStack Compute (nova)
https://review.openstack.org/#/c/24451/

Change Iffa19583: Add quotas for fixed ips. | review.opendev Code Review
http://osvdb.org/91303
http://ubuntu.com/usn/usn-1771-1

USN-1771-1: OpenStack Nova vulnerabilities | Ubuntu security notices
https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

OpenStack Compute (Nova) Fixed IPs denial of service CVE-2013-1838 Vulnerability Report

Jump to

Vulnerability Details : CVE-2013-1838

Products affected by CVE-2013-1838

Exploit prediction scoring system (EPSS) score for CVE-2013-1838

CVSS scores for CVE-2013-1838

CWE ids for CVE-2013-1838

References for CVE-2013-1838