CVE-2021-40797

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Published: Sep 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-40797
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
openstack / neutron	-	16.4.1
openstack / neutron	18.0.0	18.1.1
openstack / neutron	17.0.0	17.2.1

http://www.openwall.com/lists/oss-security/2021/09/09/2
https://launchpad.net/bugs/1942179
https://security.openstack.org/ossa/OSSA-2021-006.html

Vulnerability Database

289,599

CVE-2021-40797