Candidate: CVE-2021-40797
PublicDate: 2021-09-08 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797
 https://launchpad.net/bugs/1942179
Description:
 An issue was discovered in the routes middleware in OpenStack Neutron
 before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API
 requests involving nonexistent controllers, an authenticated user may cause
 the API worker to consume increasing amounts of memory, resulting in API
 performance degradation or denial of service.
Ubuntu-Description:
Notes:
 mdeslaur> This issue is fixed in (2:16.4.1-0ubuntu2) in focal-updates and
 mdeslaur> (2:18.1.1-0ubuntu2) in hirsute-updates, but they have not yet
 mdeslaur> been released to -security.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_neutron:
upstream_neutron: released (16.4.1, 17.2.1, 18.1.1)
trusty_neutron: ignored (out of standard support)
trusty/esm_neutron: DNE
xenial_neutron: ignored (out of standard support)
esm-infra/xenial_neutron: needs-triage
bionic_neutron: needs-triage
focal_neutron: needed
hirsute_neutron: ignored (reached end-of-life)
impish_neutron: not-affected (2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
jammy_neutron: not-affected (2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)
devel_neutron: not-affected (2:18.1.1+git2021091315.0fa97ecceb-0ubuntu1)