CVE-2014-7821

CWE-20Improper Input ValidationCWE-3998 documents7 sources
Severity
4.0MEDIUM
EPSS
1.9%
top 16.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack NeutronFedoraproject FedoraRedhat Openstack
Timeline
PublishedNov 24
Latest updateMay 14

Description

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

NVDopenstack/neutron2012.2.12014.1.4+1
Debianneutron< 2014.1.3-6+3

Also affects: Fedora 20

Patches

Patch: lists.openstack.orgPatch: lists.openstack.org

🔴Vulnerability Details

3
GHSA
GHSA-3v86-wqpm-qc9x: OpenStack Neutron before 20142022-05-14
CVEList
CVE-2014-7821: OpenStack Neutron before 20142014-11-24
OSV
CVE-2014-7821: OpenStack Neutron before 20142014-11-24

📋Vendor Advisories

2
Red Hat
openstack-neutron: DoS via maliciously crafted dns_nameservers2014-11-19
Debian
CVE-2014-7821: neutron - OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote aut...2014

💬Community

2
Bugzilla
CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers [fedora-all]2014-11-19
Bugzilla
CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers2014-11-12
CVE-2014-7821 (MEDIUM CVSS 4) | OpenStack Neutron before 2014.1.4 a | cvebase.io