CVE-2021-40797 Information

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1 17.x before 17.2.1 and 18.x before 18.1.1. By making API requests involving nonexistent controllers an authenticated user may cause the API worker to consume increasing amounts of memory resulting in API performance degradation or denial of service.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://launchpad.net/bugs/1942179 https://security.openstack.org/ossa/OSSA-2021-006.html http://www.openwall.com/lists/oss-security/2021/09/09/2

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5