Memory Leak in OpenStack Neutron Routes Middleware
CVE-2021-40797

6.5MEDIUM

Key Information:

Vendor

Openstack
Status
Neutron
Vendor
CVE Published:
8 September 2021

What is CVE-2021-40797?

In OpenStack Neutron, an identified flaw in the routes middleware can be exploited by authenticated users through API requests targeting nonexistent controllers. This misuse leads to excessive memory consumption by the API worker, which adversely affects API performance and can potentially result in a denial of service. Appropriate measures or updates are recommended to mitigate this issue.

References

https://launchpad.net/bugs/1942179
x_refsource_MISC
https://security.openstack.org/ossa/OSSA-2021-006.html
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/09/09/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.