Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-40797

Опубликовано: 08 сент. 2021
Источник: redhat
CVSS3: 6.5

Описание

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

A resource-allocation flaw was found in openstack-neutron. An authenticated attacker could make API requests involving nonexistent controllers causing the API worker to consume increasing amounts of memory. This flaw could be exploited to force API performance degradation or denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Integration Camel K 1openstack-neutronNot affected
Red Hat OpenStack Platform 10 (Newton)openstack-neutronOut of support scope
Red Hat OpenStack Platform 13 (Queens)openstack-neutronOut of support scope
Red Hat OpenStack Platform 16.1openstack-neutronFixedRHSA-2022:099024.03.2022
Red Hat OpenStack Platform 16.2openstack-neutronFixedRHSA-2022:099623.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2003248openstack-neutron: Routes middleware memory leak for nonexistent controllers

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-40797

CVSS3: 6.5
ubuntu
больше 4 лет назад

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

nvd логотип

CVE-2021-40797

CVSS3: 6.5
nvd
больше 4 лет назад

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

debian логотип

CVE-2021-40797

CVSS3: 6.5
debian
больше 4 лет назад

An issue was discovered in the routes middleware in OpenStack Neutron ...

github логотип

GHSA-cpx3-696p-3cw9

CVSS3: 6.5
github
больше 3 лет назад

OpenStack Neutron Denial of Service vulnerability

6.5 Medium

CVSS3