Description
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://launchpad.net/bugs/1942179
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2021-006.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/09/09/2
Scores
CVSS v3
6.5
EPSS
0.0170
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (2)
openstack/neutron
< 16.4.1
pypi/neutron
0 - 16.4.1PyPI
Published
Sep 08, 2021
Tracked Since
Feb 18, 2026