CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1197.html
http://www.debian.org/security/2012/dsa-2737
http://www.openwall.com/lists/oss-security/2013/08/07/6
http://www.ubuntu.com/usn/USN-2001-1
https://bugs.launchpad.net/swift/+bug/1196932
https://review.openstack.org/#/c/40643/
https://review.openstack.org/#/c/40645/
https://review.openstack.org/#/c/40646/
http://rhn.redhat.com/errata/RHSA-2013-1197.html
http://www.debian.org/security/2012/dsa-2737
http://www.openwall.com/lists/oss-security/2013/08/07/6
http://www.ubuntu.com/usn/USN-2001-1
https://bugs.launchpad.net/swift/+bug/1196932
https://review.openstack.org/#/c/40643/
https://review.openstack.org/#/c/40645/
https://review.openstack.org/#/c/40646/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:folsom:-:::::::*
	cpe:2.3:a:openstack:grizzly:-:::::::*
	cpe:2.3:a:openstack:havana:-:::::::*
	cpe:2.3:a:openstack:swift::::::::
	cpe:2.3:a:openstack:swift:1.0.0:::::::*
	cpe:2.3:a:openstack:swift:1.0.1:::::::*
	cpe:2.3:a:openstack:swift:1.0.2:::::::*
	cpe:2.3:a:openstack:swift:1.1.0:::::::*
	cpe:2.3:a:openstack:swift:1.1.0:rc1::::::
	cpe:2.3:a:openstack:swift:1.1.0:rc2::::::
	cpe:2.3:a:openstack:swift:1.2.0:::::::*
	cpe:2.3:a:openstack:swift:1.2.0:gamma1::::::
	cpe:2.3:a:openstack:swift:1.2.0:rc1::::::
	cpe:2.3:a:openstack:swift:1.3.0:::::::*
	cpe:2.3:a:openstack:swift:1.3.0:gamma1::::::
	cpe:2.3:a:openstack:swift:1.3.0:rc1::::::
	cpe:2.3:a:openstack:swift:1.4.0:::::::*
	cpe:2.3:a:openstack:swift:1.4.1:::::::*
	cpe:2.3:a:openstack:swift:1.4.2:::::::*
	cpe:2.3:a:openstack:swift:1.4.3:::::::*
	cpe:2.3:a:openstack:swift:1.4.4:::::::*
	cpe:2.3:a:openstack:swift:1.4.5:::::::*
	cpe:2.3:a:openstack:swift:1.4.6:::::::*
	cpe:2.3:a:openstack:swift:1.4.7:::::::*
	cpe:2.3:a:openstack:swift:1.4.8:::::::*
	cpe:2.3:a:openstack:swift:1.5.0:::::::*
	cpe:2.3:a:openstack:swift:1.6.0:::::::*
	cpe:2.3:a:openstack:swift:1.7.0:::::::*
	cpe:2.3:a:openstack:swift:1.7.2:::::::*
	cpe:2.3:a:openstack:swift:1.7.4:::::::*
	cpe:2.3:a:openstack:swift:1.7.5:::::::*
	cpe:2.3:a:openstack:swift:1.7.6:::::::*
	cpe:2.3:a:openstack:swift:1.8.0:::::::*
	cpe:2.3:a:openstack:swift:1.8.0:rc1::::::
	cpe:2.3:a:openstack:swift:1.8.0:rc2::::::

History

21 Nov 2024, 01:54

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1197.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1197.html -
References	~~() http://www.debian.org/security/2012/dsa-2737 -~~	() http://www.debian.org/security/2012/dsa-2737 -
References	~~() http://www.openwall.com/lists/oss-security/2013/08/07/6 -~~	() http://www.openwall.com/lists/oss-security/2013/08/07/6 -
References	~~() http://www.ubuntu.com/usn/USN-2001-1 -~~	() http://www.ubuntu.com/usn/USN-2001-1 -
References	~~() https://bugs.launchpad.net/swift/+bug/1196932 -~~	() https://bugs.launchpad.net/swift/+bug/1196932 -
References	~~() https://review.openstack.org/#/c/40643/ -~~	() https://review.openstack.org/#/c/40643/ -
References	~~() https://review.openstack.org/#/c/40645/ -~~	() https://review.openstack.org/#/c/40645/ -
References	~~() https://review.openstack.org/#/c/40646/ -~~	() https://review.openstack.org/#/c/40646/ -

Information

Published : 2013-08-20 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-4155

Mitre link : CVE-2013-4155

CVE.ORG link : CVE-2013-4155

JSON object : View

Products Affected

openstack

swift
havana
grizzly
folsom

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

4.0 /10