Vulnerability CVE-2021-40797
Published: 2021-09-08

Description:
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Type:

CWE-772

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Openstack -> Neutron 

 References:
https://launchpad.net/bugs/1942179
https://security.openstack.org/ossa/OSSA-2021-006.html
http://www.openwall.com/lists/oss-security/2021/09/09/2
Copyright 2024, cxsecurity.com

 

Back to Top