CVE-2021-40797
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
Published
2021-09-08T20:15:11.060
Last Modified
2024-11-21T06:24:49.247
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 6.5 (MEDIUM)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:N/I:N/A:P
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
Exploitability Score
8.0
Impact Score
2.9
Weaknesses
Affected Vendors & Products
References
-
http://www.openwall.com/lists/oss-security/2021/09/09/2
Mailing List, Patch, Third Party Advisory
([email protected])
-
https://launchpad.net/bugs/1942179
Exploit, Issue Tracking, Third Party Advisory
([email protected])
-
https://security.openstack.org/ossa/OSSA-2021-006.html
Patch, Vendor Advisory
([email protected])
-
http://www.openwall.com/lists/oss-security/2021/09/09/2
Mailing List, Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://launchpad.net/bugs/1942179
Exploit, Issue Tracking, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://security.openstack.org/ossa/OSSA-2021-006.html
Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)