CVE-2021-40797

MEDIUM

OpenStack Neutron <16.4.1-18.1.1 - DoS

Title source: llm

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

References (3)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/09/09/2

[Exploit, Issue Tracking, Third Party Advisory] https://launchpad.net/bugs/1942179

[Patch, Vendor Advisory] https://security.openstack.org/ossa/OSSA-2021-006.html

Scores

CVSS v3 6.5

EPSS 0.0038

EPSS Percentile 59.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (2)

openstack/neutron < 16.4.1

pypi/neutron < 16.4.1PyPI

Timeline

Published Sep 08, 2021

Tracked Since Feb 18, 2026