ubuntucve / Ubuntu.com / UB:CVE-2021-40797
History: Sep 08, 2021 - 12:00 a.m.

CVE-2021-40797

2021-09-08 00:00:00
ubuntu.com

CVSS2: 4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 45.9%

An issue was discovered in the routes middleware in OpenStack Neutron
before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API
requests involving nonexistent controllers, an authenticated user may cause
the API worker to consume increasing amounts of memory, resulting in API
performance degradation or denial of service.

Bugs

Notes

Author Note
mdeslaur This issue was fixed in (2:16.4.1-0ubuntu2) in focal-updates and (2:18.1.1-0ubuntu2) in hirsute-updates, and was later released to -security.
OS      Version  Architecture  Package  Version                 Filename
ubuntu  18.04    noarch        neutron  < 2:12.1.1-0ubuntu8.1   UNKNOWN
ubuntu  20.04    noarch        neutron  < 2:16.4.2-0ubuntu6.2   UNKNOWN
ubuntu  16.04    noarch        neutron  < any                   UNKNOWN
