GSA_kwCzR0hTQS14eGdtLXFwajUtNDg4Ns4AAfko

Low EPSS: 0.00881% (0.74056 Percentile) EPSS:

Permalink JSON

OpenStack Nova Scheduler denial of service through scheduler_hints

Affected Packages	Affected Versions	Fixed Versions
pypi:Nova	< 12.0.0a0	12.0.0a0
0 Dependent packages 40 Dependent repositories 3,743 Downloads last month Affected Version Ranges All affected versions All unaffected versions 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 27.5.1, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 28.3.1, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 29.2.1, 30.0.0, 31.0.0

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

References:

Identifiers

GHSA-xxgm-qpj5-4886

CVE-2012-3371

Risk

Severity

Low

EPSS

EPSS Percentage: 0.00881

EPSS Percentile: 0.74056

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/openstack/nova

Date and time

Published

about 3 years ago

Updated

8 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories