Unrated severityNVD Advisory· Published Oct 29, 2013· Updated Apr 29, 2026

CVE-2013-4261

Description

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

Affected products

OpenStack/Folsom
cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*
Range: <=-
OpenStack/Grizzly
cpe:2.3:a:openstack:grizzly:*:*:*:*:*:*:*:*
Range: <=-
Red Hat/Openstack
cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/oss-sec/2013/q3/595nvdPatch
bugs.launchpad.net/nova/+bug/1215091nvdExploit
bugzilla.redhat.com/show_bug.cginvdExploitPatch
rhn.redhat.com/errata/RHSA-2013-1199.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000