Buffer overflow in Openstack Folsom

CVE-2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool con…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.

Affected products

Openstack Folsom
Openstack Grizzly
Redhat Openstack — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20130912 [OSSA 2013-026] Potential denial of service on Nova when using Qpid (CVE-2013-4261) (mailing-list, x_refsource_MLIST, Patch)
RHSA-2013:1199 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)