CVE-2021-40797

Published: Sep 8, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Affected (3)

Products: Openstack: Neutron

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Neutron	Before 16.4.1
Openstack Neutron	From 17.0.0 to 17.2.1
Openstack Neutron	From 18.0.0 to 18.1.1

Related CWEs

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (6)

http://www.openwall.com/lists/oss-security/2021/09/09/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://launchpad.net/bugs/1942179

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://security.openstack.org/ossa/OSSA-2021-006.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2021/09/09/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://launchpad.net/bugs/1942179

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://security.openstack.org/ossa/OSSA-2021-006.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.