CVE-2021-40797

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
References
Link Resource
http://www.openwall.com/lists/oss-security/2021/09/09/2 Mailing List Patch Third Party Advisory
https://launchpad.net/bugs/1942179 Exploit Issue Tracking Third Party Advisory
https://security.openstack.org/ossa/OSSA-2021-006.html Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/09/09/2 Mailing List Patch Third Party Advisory
https://launchpad.net/bugs/1942179 Exploit Issue Tracking Third Party Advisory
https://security.openstack.org/ossa/OSSA-2021-006.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:24

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2021/09/09/2 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/09/09/2 - Mailing List, Patch, Third Party Advisory
References () https://launchpad.net/bugs/1942179 - Exploit, Issue Tracking, Third Party Advisory () https://launchpad.net/bugs/1942179 - Exploit, Issue Tracking, Third Party Advisory
References () https://security.openstack.org/ossa/OSSA-2021-006.html - Patch, Vendor Advisory () https://security.openstack.org/ossa/OSSA-2021-006.html - Patch, Vendor Advisory

Information

Published : 2021-09-08 20:15

Updated : 2024-11-21 06:24


NVD link : CVE-2021-40797

Mitre link : CVE-2021-40797

CVE.ORG link : CVE-2021-40797


JSON object : View

Products Affected

openstack

  • neutron
CWE
CWE-772

Missing Release of Resource after Effective Lifetime