CVE-2022-3277

2023-03-0623:15:10

Debian Security Bug Tracker

security-tracker.debian.org

openstack

resource consumption

authentication

security groups

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.7%

JSON

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user’s quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12allneutron<= 2:21.0.0-7neutron_2:21.0.0-7_all.deb
Debian11allneutron<= 2:17.2.1-0+deb11u1neutron_2:17.2.1-0+deb11u1_all.deb
Debian999allneutron<= 2:25.0.0~rc2-1neutron_2:25.0.0~rc2-1_all.deb
Debian13allneutron<= 2:25.0.0~rc1-2neutron_2:25.0.0~rc1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	neutron	<= 2:21.0.0-7	neutron_2:21.0.0-7_all.deb
Debian	11	all	neutron	<= 2:17.2.1-0+deb11u1	neutron_2:17.2.1-0+deb11u1_all.deb
Debian	999	all	neutron	<= 2:25.0.0~rc2-1	neutron_2:25.0.0~rc2-1_all.deb
Debian	13	all	neutron	<= 2:25.0.0~rc1-2	neutron_2:25.0.0~rc1-2_all.deb