CVE-2021-40797

Published: 8 September 2021

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Notes

Author: mdeslaur
Note: This issue is fixed in (2:16.4.1-0ubuntu2) in focal-updates and (2:18.1.1-0ubuntu2) in hirsute-updates, but they have not yet been released to -security.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: neutron (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needed
hirsute    Ignored (reached end-of-life)
impish     Not vulnerable (2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
jammy      Not vulnerable (2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
trusty     Does not exist
upstream   Released (16.4.1, 17.2.1, 18.1.1)
xenial     Needs triage