GHSA-xxgm-qpj5-4886

Suggest an improvement
Source
https://github.com/advisories/GHSA-xxgm-qpj5-4886
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xxgm-qpj5-4886/GHSA-xxgm-qpj5-4886.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xxgm-qpj5-4886
Aliases
  • CVE-2012-3371
Published
2022-05-17T05:25:08Z
Modified
2024-01-12T20:56:35.150901Z
Summary
OpenStack Nova Scheduler denial of service through scheduler_hints
Details

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.0a0