CVE-2021-40797
Summary
| CVE | CVE-2021-40797 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-08 20:15:00 UTC |
| Updated | 2021-09-15 19:01:00 UTC |
| Description | An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. |
Risk And Classification
Problem Types: CWE-772
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - [OSSA-2021-006] Neutron: Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) | MLIST | www.openwall.com | |
| Bug #1942179 “neutron api worker leaks memory when processing re...” : Bugs : neutron | MISC | launchpad.net | |
| OSSA-2021-006: Routes middleware memory leak for nonexistent controllers — OpenStack Security Advisories 0.0.1.dev242 documentation | CONFIRM | security.openstack.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180368 Debian Security Update for neutron (CVE-2021-40797)
- 199327 Ubuntu Security Notification for OpenStack Neutron Vulnerabilities (USN-6067-1)
- 240175 Red Hat Update for OpenStack Platform 16.1 (RHSA-2022:0990)
- 240179 Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:0996)
- 997504 Python (Pip) Security Update for neutron (GHSA-cpx3-696p-3cw9)