Your submission was sent successfully! Close

CVE-2021-40085

Published: 31 August 2021

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
neutron
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needed

hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
jammy Not vulnerable
(2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
trusty Does not exist

upstream
Released (16.4.1, 17.2.1, 18.1.1)
xenial Needs triage

Notes

AuthorNote
mdeslaur
This issue is fixed in (2:16.4.1-0ubuntu2) in focal-updates and
(2:18.1.1-0ubuntu2) in hirsute-updates, but they have not yet
been released to -security.

References