CVE-2014-3555

OpenStack Neutron DoS via Allowed Address Pairs (2013.2.4, 2014.1.2, Juno-2)

Title source: llm

Description

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

References (8)

Core 8

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60804

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1120.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/68765

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60766

Mailing List mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2014/q3/200

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1119.html

Issue Tracking x_refsource_misc

https://bugs.launchpad.net/neutron/+bug/1336207

Vendor Advisory mailing-list x_refsource_mlist

http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html

Scores

EPSS 0.0088

EPSS Percentile 75.5%

Details

CWE

CWE-264

Status published

Products (5)

openstack/neutron 2013.2.4

openstack/neutron 2014.1

openstack/neutron 2014.1.1

openstack/neutron juno-1

pypi/neutron 0 - 2013.2.4PyPI

Published Jul 23, 2014

Tracked Since Feb 18, 2026