Buffer overflow in Openstack Folsom

CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than e…

Vulnerability class: Buffer Overflow

EPSS: 0.010 (77.5th percentile) — read the EPSS interpretation.

Affected products

Openstack Folsom
Openstack Grizzly
Openstack Havana
Openstack Swift — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM)
DSA-2737 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_MISC)
[oss-security] 20130807 [OSSA 2013-022] Swift Denial of Service using superfluous object tombstones (CVE-2013-4155) (mailing-list, x_refsource_MLIST)
USN-2001-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_MISC)
RHSA-2013:1197 (x_refsource_REDHAT, vendor-advisory)