An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/09/09/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1942179 | Exploit Issue Tracking Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2021-006.html | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2021/09/09/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1942179 | Exploit Issue Tracking Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2021-006.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2021/09/09/2 - Mailing List, Patch, Third Party Advisory | |
References | () https://launchpad.net/bugs/1942179 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://security.openstack.org/ossa/OSSA-2021-006.html - Patch, Vendor Advisory |
Information
Published : 2021-09-08 20:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40797
Mitre link : CVE-2021-40797
CVE.ORG link : CVE-2021-40797
JSON object : View
Products Affected
openstack
- neutron
CWE
CWE-772
Missing Release of Resource after Effective Lifetime