Denial of Service Vulnerability in OpenStack Neutron by IPv6 Subnet Attachment
CVE-2014-4167

Currently unrated

Key Information:

Vendor: Openstack
Status: Neutron
Vendor: CVE Published:; 11 July 2014

Summary

The L3-agent in OpenStack Neutron allows remote authenticated users to create a denial of service condition by attaching an IPv6 private subnet to a L3 router. This action can lead to an IPv4 address attachment outage, disrupting network availability for users and services. The vulnerability affects several versions of Neutron, making it crucial for organizations to apply the recommended updates to mitigate this risk.

References

https://bugs.launchpad.net/neutron/+bug/1309195

x_refsource_CONFIRM

http://seclists.org/oss-sec/2014/q2/572

mailing-listx_refsource_MLIST

http://secunia.com/advisories/59533

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 11, 2014
Vulnerability Reserved
Jun 17, 2014