An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/09/09/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1942179 | Exploit Issue Tracking Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2021-006.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-09-08 20:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-40797
Mitre link : CVE-2021-40797
CVE.ORG link : CVE-2021-40797
JSON object : View
Products Affected
openstack
- neutron
CWE
CWE-772
Missing Release of Resource after Effective Lifetime