CVE-2021-40797

CVE Database · CVE-2021-40797

CVE-2021-40797

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.70%

Published

Sep 8, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-772

Affected Products (3)

openstack · neutron (up to 16.4.1)vulnerable

openstack · neutron (up to 17.2.1)vulnerable

openstack · neutron (up to 18.1.1)vulnerable

References (6)

http://www.openwall.com/lists/oss-security/2021/09/09/2

Mailing ListPatchThird Party Advisory

https://launchpad.net/bugs/1942179