CVE-2021-40797

MEDIUM

OpenStack Neutron <16.4.1-18.1.1 - DoS

Title source: llm

Description

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

References (3)

[Exploit, Issue Tracking, Third Party Advisory] https://launchpad.net/bugs/1942179

[Patch, Vendor Advisory] https://security.openstack.org/ossa/OSSA-2021-006.html

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/09/09/2

Scores

CVSS v3 6.5

EPSS 0.0038

EPSS Percentile 59.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (2)

openstack/neutron < 16.4.1

pypi/neutron 0 - 16.4.1PyPI

Published Sep 08, 2021

Tracked Since Feb 18, 2026