6.5

CVE-2021-40797

Exploit

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNeutron Version < 16.4.1
OpenstackNeutron Version >= 17.0.0 < 17.2.1
OpenstackNeutron Version >= 18.0.0 < 18.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.635
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.openwall.com/lists/oss-security/2021/09/09/2
Patch
Third Party Advisory
Mailing List
https://launchpad.net/bugs/1942179
Third Party Advisory
Exploit
Issue Tracking