6.5

CVE-2021-40797

Exploit

EPSS 0.47%
Published 08.09.2021 20:15:11
Last modified 21.11.2024 06:24:49
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Neutron Version < 16.4.1

Openstack ≫ Neutron Version >= 17.0.0 < 17.2.1

Openstack ≫ Neutron Version >= 18.0.0 < 18.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.635

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.openwall.com/lists/oss-security/2021/09/09/2

Patch

Third Party Advisory

Mailing List

https://launchpad.net/bugs/1942179

Third Party Advisory

Exploit

Issue Tracking

https://security.openstack.org/ossa/OSSA-2021-006.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40797

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40797

EUVD