CVE-2014-3555

CWE-264 CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

4.0MEDIUM

EPSS

0.9%

top 23.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron

Timeline

PublishedJul 23

Latest updateMay 17

Description

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶NVDopenstack/neutron4 versions+3

▶PyPIneutron2014.1.0 — 2014.1.2+1

▶Debianneutron< 2014.1.1-3+3

▶Ubuntuneutron< 1:2014.1.2-0ubuntu1.1

🔴Vulnerability Details

GHSA

OpenStack Neutron allows remote authenticated users to cause a denial of service↗2022-05-17

▶

OSV

neutron vulnerabilities↗2014-08-21

▶

CVEList

CVE-2014-3555: OpenStack Neutron before 2013↗2014-07-23

▶

OSV

CVE-2014-3555: OpenStack Neutron before 2013↗2014-07-23

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerabilities↗2014-08-21

▶

Red Hat

openstack-neutron: Denial of Service in Neutron allowed address pair↗2014-07-21

▶

Debian

CVE-2014-3555: neutron - OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-...↗2014

▶

💬Community

Bugzilla

CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair [fedora-20]↗2014-07-23

▶

Bugzilla

CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair↗2014-07-11

▶