An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/09/09/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1942179 | Exploit Issue Tracking Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2021-006.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-08T19:11:40
Updated: 2021-09-09T17:06:15
Reserved: 2021-09-08T00:00:00
Link: CVE-2021-40797
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-08T20:15:11.060
Modified: 2021-09-15T19:01:28.610
Link: CVE-2021-40797
JSON object: View
Redhat Information
No data.
CWE