CVE-2022-3277

Published: 6 March 2023

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Notes

This issue was fixed in (2:20.3.0-0ubuntu1) in jammy-proposed,
and was later released to -security.

Status

Severity score breakdown

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277
• https://ubuntu.com/security/notices/USN-6067-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugs.launchpad.net/neutron/+bug/1988026
• https://bugzilla.redhat.com/show_bug.cgi?id=2129193
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150