CVE-2016-0738

CWE-399 CWE-400 — Uncontrolled Resource Consumption12 documents8 sources

Severity

7.5HIGH

EPSS

5.8%

top 9.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Swift

Timeline

PublishedJan 29

Latest updateMay 17

Description

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDopenstack/swift2.3.0+2

▶PyPIswift2.4.0 — 2.5.1+1

▶Debianswift< 2.5.0-3+3

▶Ubuntuswift< 1.13.1-0ubuntu1.5

Patches

Patch: security.openstack.org ↗Patch: security.openstack.org ↗

🔴Vulnerability Details

GHSA

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service↗2022-05-17

▶

OSV

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service↗2022-05-17

▶

OSV

swift vulnerabilities↗2017-10-11

▶

OSV

CVE-2016-0738: OpenStack Object Storage (Swift) before 2↗2016-01-29

▶

CVEList

CVE-2016-0738: OpenStack Object Storage (Swift) before 2↗2016-01-29

▶

📋Vendor Advisories

Ubuntu

OpenStack Swift vulnerabilities↗2017-10-11

▶

Red Hat

openstack-swift: Proxy to server DoS through Large Objects↗2016-01-20

▶

Debian

CVE-2016-0738: swift - OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2....↗2016

▶

💬Community

Bugzilla

CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects [fedora-all]↗2016-01-21

▶

Bugzilla

CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects↗2016-01-15

▶

Bugzilla

CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects↗2016-01-15

▶