CVE-2019-10876

CVE Database · CVE-2019-10876

CVE-2019-10876

· N/AModified

CVSS v3.1

N/A

EPSS

1.76%

Published

Apr 5, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

Affected Products (5)

openstack · neutron (up to 11.0.7)vulnerable

openstack · neutron (up to 12.0.6)vulnerable

openstack · neutron (up to 13.0.3)vulnerable

redhat · openstackvulnerable

References (12)

http://www.openwall.com/lists/oss-security/2019/04/09/2

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:0879

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0935

Third Party Advisory