CVE-2012-2101: OpenStack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
CVSS Score: 3.5
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.74453%
CWE: -
Published: 5/17/2022
Updated: 11/22/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nova | pip | < 12.0.0a0 | 12.0.0a0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from missing quota checks in the security group and security group rule creation endpoints. The patches added quota.allowed_security_groups() and quota.allowed_security_group_rules() calls to the creation functions, confirming that they were previously unguarded. The EC2 and OpenStack API handlers for group/rule creation are directly implicated in the CVE description and commit diffs.
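The effect of the missing check can be seen in a small model. This is an added example, not Nova's code: the store class, the limits, and the helpers `allowed_groups` and `allowed_rules` (stand-ins for the quota calls named above) are all hypothetical.

```python
from collections import defaultdict

# Constructed limits for this example, not Nova's defaults.
MAX_GROUPS = 10
MAX_RULES_PER_GROUP = 20

class QuotaExceeded(Exception):
    """Refusal returned instead of creating a resource past the limit."""

class SecurityGroupStore:
    """Hypothetical in-memory stand-in for the security group tables."""
    def __init__(self, enforce_quota):
        self.enforce_quota = enforce_quota
        self.groups = defaultdict(dict)  # project -> {group: [rules]}

    def allowed_groups(self, project):
        return max(0, MAX_GROUPS - len(self.groups[project]))

    def allowed_rules(self, project, group):
        return max(0, MAX_RULES_PER_GROUP - len(self.groups[project][group]))

    def create_group(self, project, name):
        if self.enforce_quota and self.allowed_groups(project) < 1:
            raise QuotaExceeded(f"{project}: security group limit reached")
        self.groups[project][name] = []

    def add_rule(self, project, group, rule):
        if self.enforce_quota and self.allowed_rules(project, group) < 1:
            raise QuotaExceeded(f"{project}/{group}: rule limit reached")
        self.groups[project][group].append(rule)

    def rule_count(self, project):
        return sum(len(rules) for rules in self.groups[project].values())

def fill(store, project, groups, rules_per_group):
    """Send creation requests; return (rules stored, requests refused)."""
    refused = 0
    for g in range(groups):
        try:
            store.create_group(project, f"sg{g}")
        except QuotaExceeded:
            refused += 1
            continue
        for port in range(rules_per_group):
            try:
                store.add_rule(project, f"sg{g}", ("tcp", 1024 + port))
            except QuotaExceeded:
                refused += 1
    return store.rule_count(project), refused
```

With `enforce_quota=False` the stored rule count follows the request volume of a single project; with `enforce_quota=True` it is capped at `MAX_GROUPS * MAX_RULES_PER_GROUP` and the excess requests are refused.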