CVE-2022-3277

Published: 6 March 2023

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Notes

Author: mdeslaur
Note: This issue was fixed in (2:20.3.0-0ubuntu1) in jammy-proposed, and was later released to -security.

Priority

Medium

CVSS 3 Severity Score

6.5

Status

Package: neutron (Launchpad, Ubuntu, Debian)

Release Status
bionic Released (2:12.1.1-0ubuntu8.1)
trusty Ignored (end of standard support)
xenial Needs triage
kinetic Not vulnerable (2:21.0.0-0ubuntu1)
focal Released (2:16.4.2-0ubuntu6.2)
jammy Released (2:20.3.0-0ubuntu1.1)
upstream Released (21.0.0.0rc1,20.3.0,19.5.0,18.6.0)
lunar Not vulnerable (2:22.0.0-0ubuntu1)
mantic Not vulnerable (2:22.0.0-0ubuntu1)

Patches:
upstream: https://opendev.org/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e
upstream: https://opendev.org/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05
upstream: https://opendev.org/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316
upstream: https://opendev.org/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c
upstream: https://opendev.org/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476
upstream: https://opendev.org/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H