Description
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
Related CPE's
a
openstack
neutron
References
http://www.openwall.com/lists/oss-security/2021/09/09/2
https://launchpad.net/bugs/1942179
https://security.openstack.org/ossa/OSSA-2021-006.html
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-08T20:15:11.060
3 years agoLast modified
2021-09-15T19:01:28.610
3 years ago