7.1
CVE-2026-49017
- EPSS 0.32%
- Veröffentlicht 27.05.2026 01:57:58
- Zuletzt bearbeitet 02.06.2026 20:16:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently unresponsive with increasing CPU and memory consumption. An authenticated attacker can systematically exhaust all proxy-server workers, resulting in denial of service. The defect was introduced in Swift 2.36.0.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerOpenStack
≫
Produkt
Swift
Default Statusunaffected
Version
2.36.0
Version <
2.36.2
Status
affected
Version
2.37.0
Version <
2.37.2
Status
affected
Version
2.35.1
Version <
2.35.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 7.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://bugs.launchpad.net/bugs/2152205
https://review.opendev.org/c/openstack/swift/+/987957
https://review.opendev.org/c/openstack/swift/+/988093
http://www.openwall.com/lists/oss-security/2026/05/27/9
http://www.openwall.com/lists/oss-security/2026/06/02/6