CVE-2021-40797
published 2021-09-08

Priority: P4 33 medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS: 1.70% (74.4th percentile)

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Affected

14 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neutron | < neutron 2:19.0.0-1 (bookworm) | neutron 2:19.0.0-1 (bookworm) |
| openstack | neutron | < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:17.2.1-0+deb11u1 | 2:17.2.1-0+deb11u1 |
| openstack | neutron | >= 0 < 2:19.0.0-1 | 2:19.0.0-1 |
| openstack | neutron | >= 0 < 2:19.0.0-1 | 2:19.0.0-1 |
| openstack | neutron | >= 0 < 2:19.0.0-1 | 2:19.0.0-1 |
| openstack | neutron | >= 0 < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:12.1.1-0ubuntu8.1 | 2:12.1.1-0ubuntu8.1 |
| openstack | neutron | >= 0 < 2:16.4.2-0ubuntu6.2 | 2:16.4.2-0ubuntu6.2 |
| openstack | neutron | >= 0 < 2:20.3.0-0ubuntu1.1 | 2:20.3.0-0ubuntu1.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |

CVSS provenance

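| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 7.1 | HIGH | |
| vendor_ubuntu | | 7.1 | HIGH | |
| vendor_debian | | 6.5 | LOW | |
| vendor_redhat | | 6.5 | MEDIUM | |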