
CVE-2013-1838: OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function

CVSS Score: 6.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.79764%
Published: 5/17/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name   Ecosystem   Vulnerable Versions   First Patched Version
nova           pip         < 12.0.0a0            12.0.0a0

Vulnerability Intelligence
Miggo AI

Miggo AI Root Cause Analysis

The vulnerability stemmed from missing quota enforcement in the fixed IP allocation path. Before the fix, allocate_fixed_ip in nova/network/manager.py handed out addresses from the shared pool without recording usage against the calling project's quota, so any authenticated user could call addFixedIp repeatedly until the pool was exhausted and other tenants could no longer spawn instances. The patch wraps the allocation in quota checks (QUOTAS.reserve/commit), confirming this was the vulnerable point. The CWE-770 classification (Allocation of Resources Without Limits or Throttling) and the commit diff support this assessment.
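The following is an added example, not Nova's code and not taken from this page: a small in-memory model that puts the unpatched allocation path beside the patched one so the resource-exhaustion effect and the quota fix can be run side by side. QuotaEngine only mimics the reserve/commit/rollback shape of Nova's quota engine (the real calls take a request context first); the pool size, the per-project limit, the project names and the addresses are all constructed for the demo.

```python
"""Model of the missing quota check behind CVE-2013-1838.

Added example, not code from Nova or from the page above. QuotaEngine
mirrors the reserve/commit/rollback shape of nova.quota.QUOTAS in a tiny
in-memory model (assumed shape, context argument dropped); pool size,
limits, addresses and project names are constructed for the demo.
"""
from dataclasses import dataclass, field
import itertools


class OverQuota(Exception):
    """Raised when a reservation would push a project past its limit."""


class NoMoreAddresses(Exception):
    """Raised when the shared pool is exhausted (the DoS symptom)."""


@dataclass
class FixedIpPool:
    """Shared pool of fixed IPs: first free address wins, no per-owner limit."""
    free: list
    allocated: dict = field(default_factory=dict)  # address -> project_id

    def take(self, project_id):
        if not self.free:
            raise NoMoreAddresses(project_id)
        address = self.free.pop(0)
        self.allocated[address] = project_id
        return address


@dataclass
class QuotaEngine:
    """Stand-in for nova.quota.QUOTAS (assumed shape: reserve/commit/rollback)."""
    limits: dict                                   # resource -> per-project limit
    usage: dict = field(default_factory=dict)      # (project, resource) -> committed count
    pending: dict = field(default_factory=dict)    # (project, resource) -> reserved, not committed
    _reservations: dict = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def reserve(self, project_id, **deltas):
        # Reserved-but-uncommitted usage counts too, so concurrent callers cannot
        # all pass the check before any of them commits.
        for resource, delta in deltas.items():
            key = (project_id, resource)
            used = self.usage.get(key, 0) + self.pending.get(key, 0)
            if used + delta > self.limits[resource]:
                raise OverQuota(f"{project_id}: {resource} {used}+{delta} > {self.limits[resource]}")
        rid = next(self._ids)
        for resource, delta in deltas.items():
            key = (project_id, resource)
            self.pending[key] = self.pending.get(key, 0) + delta
        self._reservations[rid] = (project_id, deltas)
        return rid

    def commit(self, rid):
        project_id, deltas = self._reservations.pop(rid)
        for resource, delta in deltas.items():
            key = (project_id, resource)
            self.pending[key] -= delta
            self.usage[key] = self.usage.get(key, 0) + delta

    def rollback(self, rid):
        project_id, deltas = self._reservations.pop(rid)
        for resource, delta in deltas.items():
            self.pending[(project_id, resource)] -= delta


def allocate_fixed_ip_unpatched(pool, quotas, project_id):
    """Pre-fix behaviour: the quota engine is never consulted."""
    return pool.take(project_id)


def allocate_fixed_ip_patched(pool, quotas, project_id):
    """Post-fix shape: reserve, do the work, commit; roll back if the work fails."""
    rid = quotas.reserve(project_id, fixed_ips=1)
    try:
        address = pool.take(project_id)
    except Exception:
        quotas.rollback(rid)  # do not leave a dangling reservation on failure
        raise
    quotas.commit(rid)
    return address


def hammer(allocate, pool, quotas, project_id, attempts):
    """Simulate repeated addFixedIp calls; return how many succeeded."""
    got = 0
    for _ in range(attempts):
        try:
            allocate(pool, quotas, project_id)
        except (OverQuota, NoMoreAddresses):
            break
        got += 1
    return got


def simulate(allocate, pool_size=8, quota=5, attempts=100):
    """One project hammers the allocator, then a second project asks for one address.

    Returns (addresses taken by the attacker, whether the victim got one).
    """
    pool = FixedIpPool(free=[f"10.0.0.{i}" for i in range(1, pool_size + 1)])  # constructed
    quotas = QuotaEngine(limits={"fixed_ips": quota})
    attacker = hammer(allocate, pool, quotas, "attacker", attempts)
    try:
        allocate(pool, quotas, "victim")
        victim_ok = True
    except (OverQuota, NoMoreAddresses):
        victim_ok = False
    return attacker, victim_ok


if __name__ == "__main__":
    print("unpatched:", simulate(allocate_fixed_ip_unpatched))  # (8, False): pool drained, victim starved
    print("patched:  ", simulate(allocate_fixed_ip_patched))    # (5, True): attacker capped, victim served
```

The unpatched run lets a single project drain the whole pool, and the second project's allocation then fails with the exhaustion error the advisory describes; the patched run stops the first project at its limit and leaves addresses for everyone else. Two points worth keeping from the model: the quota only helps when the per-project limit is actually set below the size of the shared pool, and the reserve/commit split matters because a failure between the two must roll the reservation back, otherwise failed calls quietly eat into the caller's quota.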

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
