OpenStack Neutron Improper Input Validation vulnerability

GHSA-wf44-4mgj-rwvx · CVE-2015-3221

Published May 14, 2022 · Modified Dec 4, 2024

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-3221
WEB https://access.redhat.com/errata/RHSA-2015:1680
WEB https://access.redhat.com/security/cve/CVE-2015-3221
WEB https://bugs.launchpad.net/neutron/+bug/1461054
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1232284
WEB https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38
PACKAGE https://opendev.org/openstack/neutron
WEB https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368
WEB http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html
WEB http://rhn.redhat.com/errata/RHSA-2015-1680.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes