CVE 2013-4185
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
Related bugs and status
CVE-2013-4185 (Candidate) is related to these bugs:
Bug #1184041: [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1184041 | [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) | OpenStack Compute (nova) | High | Fix Released | ||
| 1184041 | [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) | OpenStack Security Advisory | High | Fix Released | ||
| 1184041 | [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) | OpenStack Compute (nova) grizzly | High | Fix Released | ||
Bug #1210447: Meta bug for tracking Openstack 2013.1.3 Stable Update
See the 
CVE page on Mitre.org
for more details.
