CVE-2014-7821

Openstack Neutron < 2014.1.4 - Improper Input Validation

Title source: rule

Description

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

References (9)

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html

[Patch, Vendor Advisory] http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1938.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1942.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-0044.html

[Third Party Advisory] http://secunia.com/advisories/62586

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

[Third Party Advisory] https://bugs.launchpad.net/neutron/+bug/1378450

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/98818

Scores

EPSS 0.0186

EPSS Percentile 82.8%

Classification

CWE

CWE-399 CWE-20

Status draft

Affected Products (3)

openstack/neutron < 2014.1.4

fedoraproject/fedora

redhat/openstack

Timeline

Published Nov 24, 2014

Tracked Since Feb 18, 2026