CVE-2013-2014

Description

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

How to fix CVE-2013-2014

To remediate CVE-2013-2014, upgrade the affected package to a fixed version below.

• Debian/keystone—upgrade to 2013.1.1-2 or later
• PyPI/keystone—upgrade to 8.0.0a0 or later

Is CVE-2013-2014 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 2013.1.1-2
• from 0, < 8.0.0a0

References (9)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-2014
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2014
• WEBlists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
• WEBbugs.launchpad.net/keystone/+bug/1098177