OpenStack Neutron Denial of Service vulnerability

GHSA-cpx3-696p-3cw9 · CVE-2021-40797 · PYSEC-2021-329

Published May 24, 2022 · Modified Sep 25, 2024

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-40797
WEB https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2
PACKAGE https://github.com/openstack/neutron
WEB https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml
WEB https://launchpad.net/bugs/1942179
WEB https://security.openstack.org/ossa/OSSA-2021-006.html
WEB http://www.openwall.com/lists/oss-security/2021/09/09/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes