CVE-2022-3277

CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Redhat Openstack Platform

Timeline

PublishedMar 6

Latest updateJul 12

Description

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDopenstack/neutron19.0.0 — 19.5.0+1

▶CVEListV5openstack-neutronAs shipped with Red Hat Openstack 13, 16.1, and 16.2

▶PyPIneutron19.0.0.0rc1 — 19.5.0+2

▶Debianneutron< 2:21.0.0~rc1-3+2

▶NVDredhat/openstack_platform13.0, 16.1, 16.2+2

Patches

Patch: bugs.launchpad.net ↗Patch: bugzilla.redhat.com ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

OSV

openstack-neutron uncontrolled resource consumption flaw↗2023-03-07

▶

GHSA

openstack-neutron uncontrolled resource consumption flaw↗2023-03-07

▶

CVEList

CVE-2022-3277: An uncontrolled resource consumption flaw was found in openstack-neutron↗2023-03-06

▶

OSV

CVE-2022-3277: An uncontrolled resource consumption flaw was found in openstack-neutron↗2023-03-06

▶

📋Vendor Advisories

Red Hat

openstack-neutron: unrestricted creation of security groups (fix for CVE-2022-3277)↗2023-07-12

▶

Ubuntu

OpenStack Neutron vulnerabilities↗2023-05-10

▶

Red Hat

openstack-neutron: unrestricted creation of security groups↗2022-08-29

▶

Debian

CVE-2022-3277: neutron - An uncontrolled resource consumption flaw was found in openstack-neutron. This f...↗2022

▶